Vice President, First Line Product Risk Management

Position Summary: First Line of Defense risk management activities in Product and Strategy. The role will work with the Chief Product Officer, Chief Risk Officer and others in establishing an embedded FLOD capability in the Product and Strategy Organizations, with goals of 1) enhancing risk culture; 2) elevating the efficiency and effectiveness of existing Product risk and controls activities, including adherence to risk appetite, executing targeted product risk assessments, execution of the RCSA (risk & control self-assessment), identification and management of issues; 3) aligning product and strategy practices and tools with leading practices being implemented in other areas of the firm (e.g. Technology and Operations), in coordination with the other risk professionals in the company; and 4) supporting Product and Strategy activities required to manage audit and examination activities. The VP, Product Risk and Controls is responsible for identifying and assessing risk management as well as the effectiveness of controls for all product and innovation activities across the company Product and Strategy portfolio and working with the teams to own and remediate risk and enhance procedures and controls. Specific products that will be included are CHIPS (Wire), EPN (ACH), Check Image, RTP, Token, Fraud and other newer products as required. This work will involve collecting information and artifacts regarding control execution, in order to identify areas of improvement and provide support to implement enhancements. This role will work with Product Managers and the Strategy team to communicate and implement risk management methodology and processes in coordination across First, Second and Third Lines of Defense and in alignment with the Company Risk Policy. Additionally, the role will involve extensive interaction with external stakeholders, including supervisors.

Essential Functions and Responsibilities:

• Work with Chief Product Officer, Chief Risk Officer, Strategy, and Enterprise Risk Management on the strategic roll out of the FLOD strategy for the Product and Strategy Teams
• Provide thought leadership and constructive challenge to Product and Strategy leaders to enhance risk culture and awareness of risk issues in the organization
• Support Product and Strategy teams on all aspects of in-business risk and control
• Perform and review RCSA and control testing to ensure operational effectiveness of controls
• Assist in coordinating risk and control information for audits and external reviews (e.g. supervisors, external audit, etc.)
• Assist Enterprise Risk Management in evolution of company risk appetite statements to align with product and strategy risks and objectives
• Apply sound judgment in evaluating risks and controls. Effectively challenge product, operations, and technology leads on the identification and acceptance of risks and the adequacy of controls.
• Assess and highlight opportunities for improvement around risk culture, knowledge and process
• Build, maintain and enhance business relations with department and business heads for the smooth implementation of risk management activities across the organization
• Represent the firm at the internal and external risk committees, and to the supervisors, to provide periodic updates on risk matters
• Ensure the organization's risk profile as related to its activities and dependencies are in alignment with the company Business Strategy and Risk Appetite
• Ensure the firm’s Risk Culture is positively impacted through effective risk training and risk tools
• Manage and develop junior team members and manage consultants as applicable
• Analyze metrics, help identify areas of improvement and collaborate on the enhancement efforts
• Track and report on the status of self-identified issues and remediation plans
• Perform independent process reviews

Qualifications Required:

• Bachelor’s degree in risk management, business administration, finance, or a related area degree
• At least 6-8 years of risk management experience serving as a subject matter expert in Enterprise or Operational Risk Management (preferably related to Operations, Technology, or Product management)
• 10 years of financial services work experience managing and implementing enterprise-wide projects, multi-tasking on projects with competing priorities, process decomposition and reengineering, risk assessments, due diligence, Operational Risk Management, Enterprise Risk Management, Product management, and/or Technology Risk Management
• Proven experience in working with or contributing to First Line of Defense or ERM and/or ORM framework in a dynamic and complex organization
• Applied experience with risk governance and control industry frameworks, such as COSO or equivalents
• Current knowledge of regulations and emerging industry risks and trends in the finance, banking and payments system industry
• Ability to understand management objectives, risk appetite, tolerances and impact of changes to risk profiles
• Familiarity with risk management and control frameworks
• Experience in analyzing or managing business processes such as in a high impact technology service delivery environment
• Strong analytical skills with ability to organize, analyze and present information
• Excellent communication skills, written and oral
• Demonstrated ability to influence peers to achieve mutually beneficial outcomes
• Attention to detail and organization

Qualifications desired:

• Advanced degree such as Masters in Risk Management, or MBA in Finance, Business or a related field
• Product risk management experience in the payments industry
• FRM, PRMIA or other Risk Management certification
• Technology and/or Information Security risk related certification (e.g. CISSP, CRISC, CISA)
• Experience working with IT risk frameworks such as NIST, COBIT, and ITIL
• Experience designing and implementing Risk Taxonomies, Risk Measurement methodologies and or Key Risk Indicator frameworks
• Experience in Payments and/or Banking related fields, including Payments or Banking Technology
• RSA Archer or other GRC experience
• Knowledge of change management processes e.g. experience with SDLC, Agile
• Knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis