Citizens Financial Group, Inc.
Job Description
Enterprise Technology & Security Risk Director The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, developing comprehensive risk management strategies, and ensuring the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains. The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies. Responsibilities Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement. Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices. Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes. Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high-quality outcomes. Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices. Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision-making. Provide clear, actionable, executive-level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance. Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation. Lead oversight of Third-Party Risk Management for the organization's technology and security critical service provider relationships. Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization's risk posture. Champion a strong risk-aware and risk-informed culture across the technology organization through education, engagement, and communication. Team-Specific Requirements Cloud & Modern Engineering Platforms Working knowledge of cloud services and architectures (AWS and Azure preferred), including shared responsibility models, identity and access management, and cloud-native security controls. Experience assessing risk in DevSecOps, CI/CD pipelines, containerized workloads (Docker/Kubernetes), and infrastructure-as-code environments. Infrastructure, Platform & Engineering Risk Strong understanding of enterprise infrastructure platforms, including Windows, Linux (RHEL), virtualization (VMware), databases, middleware, and core network services. Experience evaluating end-of-life (EOL) / end-of-support (EOS) risk, technical debt, and remediation prioritization across large engineering estates. Cybersecurity & Resilience Hands-on familiarity with vulnerability management, platform hardening, secure configuration standards, and threat remediation prioritization. Experience with technology resilience, including BCP/DR, cyber recovery, data protection, backup strategies, and resiliency testing. Ability to translate engineering and cyber risks into business impact, service disruption, regulatory exposure, and customer risk. Risk Frameworks & Governance Deep experience with enterprise technology risk management routines, including RCSAs, issue management, risk assessments, targeted reviews, and control testing. Working knowledge of regulatory and risk frameworks relevant to financial institutions (FFIEC, NIST, ISO, COBIT, COSO, CRI). Proven ability to synthesize large volumes of technical risk data into clear, prioritized executive-level insights. Risk, Issue, and Compliance Management Experience using GRC Archer (or equivalent platforms such as OpenPages) to manage RCSAs, issues, action plans, metrics, and regulatory responses. Familiarity with risk reporting, risk dashboards, and executive-level risk metrics. Engineering, Security & ITSM Tooling Working knowledge of common enterprise tooling used by engineering and cyber teams, such