IT Risk Manager

Silicon Valley Bank
in Tempe, AZ, United States
Permanent, Full time
IT Risk Manager
Silicon Valley Bank serves many of the most innovative companies in the world. Our clients are forward thinkers. True believers. Optimists. Game-changers. Inspired by them, we're changing the face of banking. We need technology experts with the same can-do attitude as our clients. We're looking for creative thinkers who want to create a truly seamless banking experience on a global scale.

We have an exciting opportunity in our Governance, Risk & Compliance team. The IT Risk Manager will be responsible for running and improving the IT risk management program based on industry-accepted risk frameworks and SVB standards. This individual will be an integral part of the Global Services organization and will help improve the maturity level of IT risk practices across the bank, as the organization continues to grow at a rapid pace.

This function has the core responsibility of leading and supporting the Technology organization in its efforts to identify, measure, monitor, and control IT risks. The IT Risk Manager will provide the framework, processes, tools, consultancy and training that Technology needs to manage risk properly and to make risk-based decisions in its activities.

The role will focus on proactive identification and mitigation of Technology risks as well as responding to observations identified by third party auditors or examiners. The IT Risk Manager will also assist in developing periodic reports and dashboards presenting the level of controls compliance and the current IT risk posture.

Primary responsibilities include:

  • Horizontal Relationships: Build effective relationships with IT management and staff, as well as external stakeholders in Security, Compliance, Enterprise Risk Management, and Internal Audit. Broaden and deepen knowledge of the business and environment of IT with respect to the delivery of projects, strategic initiatives and systems portfolio to effectively assist IT managers and staff with risk and compliance management.

  • Audit Coordination & Action Plan Development: Assist IT managers and staff with audits and facilitate management responses and remediation efforts. Ensure overall IT compliance with regulatory and industry requirements, including SOX, GLBA and PCI DSS, through proactive planning, communication, ownership and relationships. Act as an escalation point for issues raised by the auditors.

  • IT Risk Self-Assessments: Conduct information technology risk self-assessments to identify gaps and make sound recommendations for improvement. Identify acceptable levels of residual risk, and assist with action plans, policy and procedural changes for risk mitigation.

  • IT Self-testing: Perform self-testing in areas within Information Technology to determine adherence to controls, policy, procedures and standards. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures are taken.

  • Active Action Plan Monitoring: Track mitigation steps (from self-assessments, exams, audits etc.) and ensure that risks are remediated appropriately and in a timely manner.

  • Policies, Standards, Procedures & Methods: Assist IT management and staff with the development of IT policies, standards, guidelines, procedures and methods. Champion industry best practices and standard frameworks such as COBIT (ISACA), ITIL, CMMI, etc.

Qualifications include:
  • BA/BS degree required; advanced degree (MIS or MBA) preferred

  • Big 4 Audit firm or similar experience preferred

  • 5+ years' Information Technology experience and/or Risk Management disciplines preferably in the financial services industry

  • Proficiency in information security, risk management, and audit (risk/security policies, procedures and control)

  • Thorough knowledge of one or more IT processes and controls and a deep understanding of risk and control frameworks (COBIT, ISO, NIST, ITIL, PCI DSS)

  • Excellent written, verbal and presentation communication skills

  • General knowledge of information security regulatory requirements and standards such as ISO/IEC 27001/27002, the SANS/CIS Top 20 Critical Security Controls, NIST SP 800-53 and SOX compliance

  • Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and make quick decisions

  • One or more of CISA, CRISC, CISM, CISSP, or CGEIT certification required