Sr. Cybersecurity Operational Risk Officer

Location:4910 Tiedeman Road, Brooklyn OhioAbout the JobReporting to the Director of Cybersecurity Risk Oversight, the Sr. Cybersecurity Risk Oversight Professional is a 2nd Line of Defense risk management position that provides independent oversight and Risk Management subject matter expertise to 1st Line of Defense Business units and their corresponding Business Risk and Control Analysts.This position is responsible for Operational Risk oversight of the Key Technology and Operations Services line of business, as well as technology and information security risk oversight for areas of the enterprise that manage technology. As part of this oversight role, experience with cybersecurity domains, operations, architecture, governance, information security, and the ability to leverage that experience to identify material risks, provide credible challenge and assist in developing effective mitigation strategies.Essential FunctionsEvaluate risk and control identification within key processes and perform gap assessments on control coverage as well as first line of defense identification processesCollaborate with leaders to gain insights on operational performance, emerging risks and strategic initiatives while identifying opportunities for improvement.Evaluate and monitor projects, strategic initiatives, and new technologies to ensure alignment with risk tolerance and business goals.Review risks, controls and, conduct assessments to support effective oversight and compliance with risk management requirements.Oversee the technology portfolio, assessing projects and initiatives to ensure alignment with risk appetite and adequate mitigation strategies.Support and enhance the overall risk oversight framework by developing and updating oversight practices.Partner with various teams to influence the implementation of operational practices to mitigate risk within appetite.Provide expert advice on risk management practices, offering practical solutions to mitigate identified risks.Analyze and assess risks associated with new products or services including third parties.Assist with audits and regulatory examinations, ensuring through and timely responses to inquiries and findings.Foster positive relationships with business partners and senior management ensuring open communication on risk matters.Escalate and report any significant risk issues and facilitate appropriate corrective actions.Perform ongoing monitoring of emerging risks, industry and regulatory trends.Required QualificationsBachelor’s degree in business, finance, technology, or economics or commensurate/relevant degree is required.Minimum of 5 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the technology or information security lines of business.Outstanding active listening skillsDemonstrated ability to work with internal and external auditors and regulators.Ability to think strategically coupled with the ability to drive to executionAbility to view risk holistically within a dynamic, fast paced team environmentIn-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes.Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies.Capable of conducting in depth testing of systems, processes and controlsManage workflows and task assignment to ensure timely completion of workHave an execution oriented, process efficiency and continuous improvement mindsetPossessing intellectual curiosity and a passion for seeking to understandProven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practicesLicenses and CertificationsApplicable certifications such as:ISACA: CISA, CRISC, CET, CGEIT, CISMISC2: CISSP, CCSP, SSCPCloud Security Alliance Certs: CCAKCloud Provider-Specific CertificationsPreferred QualificationsMBA, Law Degree or other relevant advanced educationCurrent and practical knowledge of Technology and/or Information Security activities, challenges, and workflowsAdditional industry certifications such as those listed aboveBS or Masters in Technology or Security related fieldFoundational knowledge of Archer GRC preferredProject management, Agile experience preferredTactical SkillsDemonstrated experience working with regulatory agencies, guidelines and requirementsStrong ability to work with all levels of management within the companyExperience working/managing projects across multiple functional areas and dealing with multiple business partnersExperience working on initiatives that require strategic planning/thinkingFlexibility to switch priorities based on the needs of the company in a fast-paced environmentAbility to grasp complex processes quickly and be able to identify risks and compensating controlsExcellent problem-solving abilities and results oriented; able to make decisions independentlyProven ability to work as a teamStrong leadership skills and ability to influence othersSound understanding of compliance and operational risks and internal control frameworksStrong analytical/research skills coupled with ability to effectively summarize findingsExcellent oral, written and interpersonal skillsAbility to adapt to change and communicate changing requirementsExcellent organizational skills and meticulous attention to detailSelf-motivatedProficient PC skills with experience in Microsoft Office, Outlook and, SharePointPersonal SkillsAdaptability: Demonstrates a willingness to listen to other opinions and adjusts to new or changing assignments, processes, and people while avoiding snap reactionsAgile Mindset: Explains specific agile processes and its associated checkpoints and deliverables and applies major agile tools and techniques to accomplish tasks; understands that failures/defects equate to new learningsCollaboration: Demonstrates experience in participating in productive collaborative processes that help solve business problems and meet business goalsProblem Solving: Demonstrates the ability to examine a specific problem and understand the perspective of stakeholders; uses fact-finding techniques to identify and document specific problemsPractical SkillsBusiness Acumen: Participates in business tasks to get things done in own business unit and communicates key considerations for business decision-making processesData Analysis: Identifies correlations that reveal trends and determine conditions, often with disparate data sets; Evaluates the quality of data collected and the effectiveness of data analysis methods for evaluating performanceOral & Written Communication: Possesses the ability to adapt listening and facilitation style to others’ communication styles and uses various approaches appropriately and effectivelyRisk Management: Implements or manages risk management for own business unit and documents key steps of the risk management process and associated proceduresSystems Thinking: Analyzes the dynamics of a system to determine key characteristics, properties, and functions; surfaces problems within systems and searches for root causes while leveraging a foundational knowledge of continuous improvementCore CompetenciesAll KeyBank employees are expected to demonstrate Key’s Values and sustain proficiency in identified Leadership Competencies.Physical DemandsGeneral Office - Prolonged sitting, ability to communicate face to face in person or on the phone with teammates and clients, frequent use of PC/laptop, occasional lifting/pushing/pulling of backpacks, computer bags up to 10 lbs.TravelOccasional travel to include overnight stay.COMPENSATION AND BENEFITSThis position is eligible to earn a base salary in the range of $96,000.00 - $181,000.00 annually. Placement within the pay range may differ based upon various factors, including but not limited to skills, experience and geographic location. Compensation for this role also includes eligibility for incentive compensation which may include production, commission, and/or discretionary incentives.Please click here for a list of benefits for which this position is eligible.Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.Job Posting Expiration Date: 05/28/2026 KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law.Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing View email address on click.appcast.io.#LI-Hybrid #J-18808-Ljbffr KeyCorp