Director, Technology Risk and Business Continuity

Location US-NY-Long Island City
Category
Risk

Why join this team

Oversee IT, Information Security, and Business Continuity/Disaster Recovery (BCP/DR) risks across the credit union. Partner with technology and business leaders within the three lines of defense framework to provide independent oversight and advisory support, ensuring technology risks are effectively managed and aligned with the organization's risk appetite, regulatory expectations, and strategic objectives. Serve as the primary liaison between Enterprise Risk Management and technology leadership to promote transparency, resilience, and informed risk-based decision-making.

 

- This position is hybrid.


- NYC Salary Range: $150,000 - $200,000 annually: compensation is commensurate to geographic location.

What you'll do

ACCOUNTABILITIES:


Technology and Emerging Risk Oversight
• Regardless of seniority or role, uphold UNFCU’s mission, core values, and guiding principles by providing an exceptional service experience to colleagues and members alike through consistent demonstration of our service excellence behaviors.

• Provide independent second-line oversight of Information Technology, Information Security/Cyber, AI, technology resilience, and infrastructure risks, ensuring effective governance across the organization.

• Assess and challenge first-line risk assessments, control effectiveness, and mitigation strategies related to core systems, cloud adoption, data management, AI, automation, and third-party technology risks.

 

AI Risk and Governance

• Provide independent oversight of AI governance, including AI use cases, model lifecycle controls, decision-support frameworks, and risks such as bias, explainability, data integrity, and misuse.
• Partner with technology and business leaders to ensure AI initiatives align with regulatory requirements, governance standards, ethical principles, and effective management of financial, operational, and reputational risks.
 
Information Security Risk Governance
• Partner with Information Security leadership to provide independent oversight of cyber risk management, including security incidents, identity and access management, data protection, threat and vulnerability management, and alignment with regulatory and industry standards.
 
Business Continuity & Disaster Recovery Oversight
• Provide independent oversight of the organization's Business Continuity and Disaster Recovery (BCP/DR) frameworks, including scenario design, testing effectiveness, recovery objectives (RTO/RPO), and operational resilience.
• Partner with first-line technology leadership to review and challenge BCP/DR strategies, testing results, remediation efforts, and readiness for technology failures, third-party disruptions, and other resilience scenarios.
 
Risk Identification, Monitoring, and Reporting
• Develop and maintain the technology and operational resilience risk framework, including key risk indicators (KRIs), thresholds, and enterprise-wide risk integration.
• Monitor and escalate material IT, cyber, and resilience risks to executive leadership and the Risk Management Committee through effective reporting and governance.
 
Governance and Cross-Functional Coordination
• Serve as the primary Enterprise Risk Management liaison to IT leadership, business lines, and operational teams, fostering effective collaboration and risk governance.

• Provide independent second-line oversight by challenging first-line risk ownership and supporting key governance forums, including technology, product, and incident management committees.

 

Issue Management and Continuous Improvement

• Partner with first-line stakeholders to identify technology-related issues, validate root causes and remediation plans, and monitor corrective actions through resolution.

• Support the Issue Management Program by ensuring technology risks are documented, tracked, and resolved in compliance with regulatory requirements and the organization's Code of Ethics and Business Conduct.

What we're seeking

• Bachelor's degree in Risk Management, Information Systems, or related field
• 10+ years of experience in a financial services environment with exposure to regulated environments, including a minimum of 4 or more years in a second line or commensurate risk function
• Experience in technology, cyber, and operational resilience risk management, including regulatory compliance, risk identification, monitoring, issue management, risk reporting, and cross-functional collaboration with business partners. 
• Demonstrated ability to provide independent challenge to senior stakeholders, translate technical risks into business and financial impacts

• Strong knowledge of enterprise risk management, financial services regulations (e.g., NCUA, FFIEC, OCC), the three lines of defense model, and technology, cyber, and emerging AI risk frameworks (e.g., NIST, ISO, COBIT).

• Proficient in Microsoft Office, particularly Excel, with sound risk judgment, analytical skills, and the ability to provide independent, objective oversight.

• Strategic thinker with strong digital, cyber, and AI risk awareness, capable of balancing governance, partnership, and practical business solutions.

• Exceptional executive communication and influencing skills, with the ability to build relationships and drive outcomes without direct authority, including presenting to senior leadership and the Board.

What makes you stand out

• Technology Risk Management experience

• Excellent communication skills

Who we are

UNFCU is a global not-for-profit financial institution that serves the UN community. We are committed to providing peace of mind to our members and colleagues and strive to achieve service excellence in all that we do. The best part of UNFCU is the people. Those that choose to work with us often find personal fulfillment, professional growth and a purposeful culture.

 

UNFCU is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. UNFCU prohibits discrimination and harassment of any type. All applicants will be considered for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by country, federal, state or local laws.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed