Job Description
Zions Bancorporation is one of the nation’s premier financial services companies operating as a collection of great banks under local brands and management teams in high-growth western markets. Zions is regularly recognized by American Banker magazine as having a top banking team in its list of “The Most Powerful Women in Banking.” Our customers consistently vote us as the best bank in our local markets. We value our employees, and we are committed to search out, recognize and create fulfilling opportunities for outstanding people within our organization, rewarding them for their contributions to our success. We recognize that banking is a “local” business, and that to be successful, we must have very strong ties to the communities we serve and strong relationships with our customers. With benefits starting on day one, 12 bank holidays, profit sharing and company-matched 401(k) contributions, Zions is dedicated to being an employer of choice in our communities. At Zions, the possibilities are endless. You bring the talent; we bring the opportunity. Zions Bancorporation is seeking an experienced Technology and Operations Risk Manager within the Data, Technology and Cyber Risk Management Organization (DTCRO) with demonstrated expertise in risk oversight. This role provides independent 2nd Line oversight and credible challenge of the Bank’s Cybersecurity and Technology organizations. The Technology and Operations Risk Manager will drive a risk‑focused, disciplined, and balanced approach to evaluating and strengthening risk management practices, control effectiveness, and governance processes in a complex technology and business environment, while leading a small team of risk professionals. The Technology and Operations Risk Manager will provide independent 2nd Line oversight of Cybersecurity and Technology risk management, including risk‑based coverage planning, credible challenge, targeted assessments, thematic analysis, and clear reporting to governance forums and regulators. The Technology and Operations Risk Manager is a self‑starter responsible for the following: Risk Oversight & Governance Provide independent 2LOD oversight of Cybersecurity, Technology and Supplier risk management. Define and communicate independent risk views for assigned oversight domains, including emerging risks and thematic trends. Evaluate alignment of 1LOD activities with enterprise risk frameworks, risk tolerances, and regulatory expectations. Risk Assessment, Monitoring & Reporting Lead and/or perform risk and control assessments, targeted reviews, and 2LOD control testing activities, to assess risk mitigation effectiveness. Provide embedded risk monitoring by participating in recurring and planned activities delivering real-time credible challenge and escalating material concerns when warranted. Monitor Key Risk Indicators (KRIs) and metrics against stated risk appetite and tolerance thresholds. Prepare and deliver quantitative and qualitative risk reporting to management committees, executives, and the Board. Identify, challenge, and escalate material risks and control weaknesses in a timely and constructive manner. Oversee issue identification and remediation to ensure root causes are properly addressed. Stakeholder Engagement & Advisory Establish and maintain strong working relationships with technology, cybersecurity, and supply chain business partners. Engage with stakeholders to embed effective risk management practices into daily operations and strategic initiatives. Provide industry and regulatory expertise to inform risk decisions and governance discussions. People Leadership & Capability Building As leader within DTCRO, collaborate with other leaders to continually mature best practices and foster a respectful, inclusive, and positive team culture. Lead and develop a high-performing team through hiring, coaching, performance management, and succession planning. Operational Management Maintain accountability for budget oversight while adapting to evolving regulatory priorities, business needs, and emerging risks in support of the DTCRO organization. Qualifications: 10+ years in 1st or 2nd Line Risk Management or IT Audit, with expertise in at least two areas: cybersecurity, technology, cloud risk, or emerging technologies (e.g., GenAI, Quantum). Strong knowledge of cybersecurity and technology; dedicated to continuous learning. Experience with 2LOD oversight models and disciplined documentation for oversight activities and credible challenge. Strong leadership, relationship management, strategic thinking, diplomacy, and negotiation skills. Effective team leader who drives business objectives, promotes communication and teamwork, and mentors and develops team members’ skills