CrawlJobs Logo

Sr. Manager, Information Technology and Information Security Risk

United States, Reston · Job Posted May 27, 2026
Apply Position
Job Link Share

Job Description

Sr. Manager, Information Technology and Information Security Risk Hybrid Work Schedule- 3 days onsite in Reston, VA SUMMARY OF POSITION: The Information Technology and Information Security Risk (IT/IS) Sr. Manager plays a critical enterprise-wide role in overseeing cybersecurity, technology, data, AI and information security risk governance. This role partners with the Chief Risk Officer (CRO) and the Enterprise Risk Management team in identifying, assessing, and monitoring the organization’s technology and cybersecurity risk profile to ensure alignment with the our client’s strategic objectives, risk appetite, and regulatory expectations. This role has broad ownership and visibility across the enterprise and serves as a key second-line risk partner to senior leadership, business lines, IT, Information Security, Compliance, and third-party vendors. The Senior Manager will help ensure adherence to regulatory expectations from agencies such as FHFA, FFIEC, OCC, FDIC, SEC, and FINRA. This person will partner with business lines, IT, and compliance teams to maintain a strong security posture and reduce exposure across critical financial systems and third-party relationships, strengthening the organization’s overall cyber resilience and operational risk management framework. Core Responsibilities Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations. Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes. Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts. Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations. Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations. Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite. Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises. Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate. Monitor cybersecurity and financial sector threat intelligence; communicate emerging risks to leadership. Oversee IT and IS key risk indicators (KRIs) and maintain clear and accurate dashboards and reporting metrics for senior management, risk committees, and regulators Ability to analyze complex technical environments and communicate risk in business-focused terms. Strong knowledge of information security frameworks including NIST CSF, NIST 800‑53, ISO 27001, CIS Controls. Effective communication skills for interacting with auditors, examiners, and senior management. PREFERRED SKILLS AND EXPERIENCE: Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred. 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred. Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python). Experience working in a regulated financial services or technology environment. CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications

Job Responsibility

  • Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations
  • Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes
  • Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
  • Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts
  • Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations
  • Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations
  • Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite
  • Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
  • Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises
  • Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate
  • Monitor cybersecurity and financial sector threat intelligence
  • communicate emerging risks to leadership
  • Oversee IT and IS key risk indicators (KRIs) and maintain clear and accurate dashboards and reporting metrics for senior management, risk committees, and regulators
  • Ability to analyze complex technical environments and communicate risk in business-focused terms
  • Strong knowledge of information security frameworks including NIST CSF, NIST 800‑53, ISO 27001, CIS Controls
  • Effective communication skills for interacting with auditors, examiners, and senior management

Requirements

  • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred
  • 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred
  • Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python)
  • Experience working in a regulated financial services or technology environment
  • CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Sr. Manager, Information Technology and Information Security Risk

8 matching positions

Sr. Information Security Administrator

Get ready to take your place on n11, an open market platform has made valuable c...
Location
Location
Turkey , Istanbul
Salary
Salary:
Not provided
ariteknokent.com.tr Logo
İTÜ ARI Teknokent
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Minimum 4 years of experience in application security, vulnerability management and information security
  • Experience with SAST, DAST, SCA, IAST, IaC, SBOMs and Secret Management
  • Expertise in utilizing various security tools such as Burp Suite, OWASP ZAP, Acunetix, Fortify, and Checkmarx, along with vulnerability scanners
  • Experience with security requirements for APIs. (SOAP, REST, GraphQL etc.)
  • Experience with Manuel Source Code Analysis and Penetration Testing of Mobile and Web Applications
  • Experience with container security, such as Docker and Kubernetes
  • Familiarity with “secure by design” and “shift left” security principles
  • Strong knowledge of software security risks and threats (OWASP top 10)
  • Solid understanding of web-based application technologies, web services/APIs, web-based authentication/single sign-on protocol and technologies
Job Responsibility
Job Responsibility
  • Perform manual and automated penetration testing on applications to identify and exploit vulnerabilities
  • Integrate and automate application security testing tools (SAST, DAST, SCA,IaC, Network Scans)
  • Devise, implement, and monitor vulnerability response processes to efficiently remediate critical and zero-day vulnerabilities
  • Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs
  • Provide training to development teams on secure coding practices and awareness of emerging security threats
  • Stay abreast of emerging application security trends and threats, researching new attack vectors to update vulnerability management strategies accordingly
  • Utilize scripting languages (Python, Ruby, Bash, etc.) to build automation tools as needed
  • Manage DLP, SIEM, PAM, EDR, IAM, DAM , SCC , Mail Gateway Security Tools
  • Improve General Security of Networks , Cloud and Systems
  • Provide Single Point of Contract for the General information Security
  • Fulltime
Read More
Arrow Right

Sr. Manager, Cyber Risk & Analysis | Retail Bank Premium Products & Experiences

As a Sr. Manager, Cyber Risk & Analysis | Retail Bank Premium Products & Experie...
Location
Location
United States , McLean, Virginia | Richmond, Virginia
Salary
Salary:
182500.00 - 229100.00 USD / Year
capitalone.com Logo
Capital One
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • At least 5 years of experience in Cybersecurity, Technology, Consulting, Audit, or Risk Management
  • At least 3 years of People Management experience
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM) certification
  • Certified AI Governance Professional (AIGP) certification or other relevant AI risk management certifications
  • Experience in a Large Financial Services or consulting organization
Job Responsibility
Job Responsibility
  • Act as the end-to-end tech and cyber risk partner for senior technology executives
  • Design and implement AI applications, agents, and automation workflows to enhance risk monitoring efficiency
  • Rationalize tech and cyber controls to align with technology processes
  • Execute large-scale architecture transformation programs and technology integrations
  • Collaborate with Cyber, Audit, and Risk functions to ensure coverage of shared controls
  • Serve as the primary point of contact for audit and compliance engagements
What we offer
What we offer
  • Performance based incentive compensation
  • Cash bonus(es)
  • Long term incentives (LTI)
  • Health, financial and other benefits
  • Fulltime
Read More
Arrow Right

Sr. Director, Information Security Officer (Global Payment Networks)

As Senior Director, Information Security Officer, you will work with the busines...
Location
Location
United States , McLean; Richmond; New York; Plano; Chicago
Salary
Salary:
286200.00 - 392000.00 USD / Year
capitalone.com Logo
Capital One
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree
  • At least 9 years of experience in Information Security
  • At least 7 years of experience in people management
  • At least 5 years of experience with cyber policies, standards, and procedures
  • At least 5 years of experience in securing public cloud environments and services (AWS, GCP, Azure)
Job Responsibility
Job Responsibility
  • Be a leader at a premiere technology and financial services company
  • Lead a team of Product Security advisory professionals, responsible for Divisional cyber strategy integration and execution, identification and management of risk for top business initiatives and technology platforms, threat and vulnerability management, incident management, supply chain cyber risk management, cyber risk oversight and reporting
  • Deliver Cyber agenda and integration of Information Security within business objectives for line of business area
  • Serve as the central point of contact for your line of business technology executives into Capital One’s Cyber risk management priorities
  • Educate and influence executive leadership and associates to effectively leverage security capabilities and solutions to mitigate risks and emerging threats
  • Provide security expertise on prioritizing and managing information security risks and initiatives
  • Escalate and manage cyber security risk
  • Provide regular updates to executive leadership with your line of business on the overall information security health and risk environment
  • Work with business leadership to anticipate their objectives and needs to better serve them
  • Be an advocate for security and an advocate for business and digital innovation
What we offer
What we offer
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • Fulltime
Read More
Arrow Right

Sr Director of Information Security

We are looking for an experienced and strategic leader to oversee information se...
Location
Location
United States , Emeryville
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 15 years of experience in information security, risk management, or enterprise IT
  • At least 7 years of leadership experience managing security teams and vendor ecosystems
  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field preferred
  • Strong expertise in IT strategy and executive leadership
  • Proficiency in advanced cybersecurity systems, including Cisco ASA Firewall and threat detection
  • Familiarity with Agile Scrum methodologies and disaster recovery planning
  • CISSP certification or equivalent credentials
  • Proven track record in incident response and mitigating security risks
Job Responsibility
Job Responsibility
  • Develop and execute a comprehensive information security strategy aligned with organizational goals
  • Lead and mentor a team of security experts, fostering growth and collaboration
  • Oversee the implementation of advanced cybersecurity measures to protect sensitive data and systems
  • Manage vendor relationships and evaluate third-party security solutions
  • Monitor and respond to security incidents, ensuring timely resolution and prevention of future threats
  • Establish and maintain disaster recovery and business continuity plans
  • Ensure compliance with regulatory standards and industry best practices
  • Collaborate with executive leadership to align security initiatives with business objectives
  • Conduct regular risk assessments and implement mitigations to address vulnerabilities
  • Stay informed about emerging threats and technologies to proactively enhance security measures
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • company 401(k) plan
Read More
Arrow Right

Sr Specialist, Physical Security Implementation and Design

The Sr. Physical Security Specialist is responsible for designing and implementi...
Location
Location
United States , Berlin, Connecticut; Manchester, New Hampshire; Springfield, Massachusetts
Salary
Salary:
70249.03 - 110391.33 USD / Year
comcastadvertising.com Logo
Comcast Advertising
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Ability to read, analyze, and interpret engineering and construction drawings, specifications, financial reports, and other relevant documents
  • Strong knowledge of electronics, electrical systems, computer programming, site management, and installation experience
  • Proficiency in analyzing and troubleshooting electronic systems
  • Excellent communication skills, both oral and written, in English technical language, including interpreting requirements and providing reports
  • Ability to thrive in a fast-paced, ever-changing environment
  • Demonstrated integrity, professionalism, and good judgment
  • Strong interpersonal skills and relationship-building abilities
  • Excellent writing and editing skills, including experience with drafting, and editing substantial written work products
  • Ability to work independently and collaboratively with all levels of management, manage multiple projects, and consistently meet deadlines with high-quality work
  • Strong project management and organizational skills, including the ability to work independently on complex projects with minimal supervision
Job Responsibility
Job Responsibility
  • Ownership of all aspects of physical security projects from project start to finish including scope, design, vendor management, commissioning and invoicing
  • Conducts site walk-throughs with physical security management, drafts security designs and comprehensive scopes of work, procures quotes, and collaborates with vendors, project managers, general contractors, and key business partners until final commissioning
  • Works with program manager(s) to meet project milestones, provide timely updates, identify solutions, and reduces risks for the successful implementation of enterprise security technology solutions
  • Responsible for systems associated with physical badge credentials, access management, access control platforms, video management systems, and intruder detection including deployment, operations, and maintenance
  • Possesses expertise in the installation and servicing of systems and devices(such as AMAG, Genetec, Axis, Hanwha, HID, and various intercom, and turnstile manufacturers or similar systems)
  • Completes physical security assessments as required to maintain compliance
  • Provides training to security personnel on the use of access control, video management, and detection systems
  • Obtains and maintains system certifications to ensure up-to-date knowledge and expertise
  • Performs other duties as assigned
What we offer
What we offer
  • Medical, prescription, vision, and dental insurance for eligible employees
  • 401(k) savings plan with dollar-for-dollar matching up to the first 6% of your pay
  • Paid time off including eight observed company holidays and flex time
  • Exclusive perks + discounts, including tuition assistance, commuter benefits and more
  • Fulltime
Read More
Arrow Right

Sr Technology Consultant-CTJ-Poly

We are looking for a Sr Technology Consulting professional. The person in this r...
Location
Location
United States , Annapolis Junction
Salary
Salary:
101800.00 - 193800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree in Computer Science, Engineering, Finance, Business, or related field OR equivalent experience
  • 3+ years leadership experience in relevant area of business OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements
  • The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • This position requires verification of U.S. citizenship due to citizenship-based legal restrictions
Job Responsibility
Job Responsibility
  • Engage others appropriately to understand and define customer requirements
  • Communicate the business value of planned solutions to customers/ partners
  • Identify technical and business risks in programs and proposes mitigations
  • Act as an ambassador in the consumption of intellectual property (IP) by leveraging and/or modifying existing IP or creating repeatable content where applicable
  • Improve Managed Standard Offerings (MSO) quality and collaborates with portfolio and solution teams of the domain by providing feedback
  • Identify opportunities to expand or accelerate the adoption and consumption of the cloud and Microsoft technologies
  • Collaborate with internal stakeholders in the pre-sale process by understanding business requirements and providing industry and technical input and/or solution offerings to help shape the deal
  • Supports drafting proposals and/or statement of work (SOW)
  • Provide input on staffing and skill requirements for delivery to Resource Deployment, Technical Delivery Managers (TDMs), and/or Project Managers
  • Facilitate, as appropriate, other team members to scale the business with existing customers by articulating value propositions of strategic Microsoft products and services and developing new offerings for the domain
  • Fulltime
Read More
Arrow Right

Sr Manager IT Quality Assurance

The IT Senior Manager, CI/CD Engineering & DevOps is responsible for owning and ...
Location
Location
United States
Salary
Salary:
Not provided
valvoline.com Logo
Valvoline
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree (prefer Software Engineering, Information Systems, business or related field)
  • 8+ years of progressive experience in software delivery, DevOps engineering, or release management
  • 5+ years managing enterprise-scale CI/CD pipelines in a heterogeneous technology environment
  • Demonstrated experience with automated testing at enterprise scale (functional, regression, integration, performance)
  • Experience supporting large ERP platform delivery (SAP ECC and/or S/4HANA strongly preferred)
  • Proven track record leading production cutover, failover validation, and hypercare operations for major releases
  • Expert-level proficiency with Jenkins, GitHub Actions, Azure DevOps, or equivalent modern pipeline orchestration tools
  • Strong knowledge of pipeline-as-code (Jenkinsfile, YAML workflows), artifact management (Nexus, JFrog), and environment promotion patterns
  • Experience with GitOps principles, branching strategies (trunk-based, GitFlow), and PR governance controls
  • Deep expertise in enterprise automated testing frameworks: Selenium, Playwright, Tosca, REST Assured, OpenText UFT One
Job Responsibility
Job Responsibility
  • Own the enterprise CI/CD pipeline strategy, architecture, and execution across all VGO platforms
  • Drive adoption of modern pipeline tools (Jenkins, GitHub Actions, cALM, SAP Solution Manager, Azure DevOps, ArgoCD, other pipelines)
  • Enforce pipeline-as-code standards, enforce branch strategy governance, and ensure automated build, test, and deploy processes operate across SAP BTP, Salesforce, Databricks, and custom application stacks
  • Lead the shift-left engineering culture embedding quality and security at every pipeline stage
  • Define and govern the enterprise automated testing strategy encompassing functional, integration, regression, performance, and security test automation
  • Own the automation-first mandate
  • Establish code coverage thresholds, regression gates, and test-data management standards
  • Oversee toolchain selection and governance (Selenium, Playwright, Tosca, UFT One, OpenText ALM, REST Assured) aligned to VGO's SAP S/4HANA, Salesforce, and API integration landscape
  • Establish and enforce enterprise code quality standards and automated code review practices using static analysis tooling (SonarQube, CodeQL, ESLint, ABAP Code Inspector)
  • Govern pull request workflows, peer review SLAs, and automated gate enforcement within GitHub Enterprise
  • Fulltime
Read More
Arrow Right

Sr Manager IT Quality Assurance

The IT Senior Manager, CI/CD Engineering & DevOps is responsible for owning and ...
Location
Location
United States
Salary
Salary:
Not provided
valvolineglobal.com Logo
Valvoline Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of progressive experience in software delivery, DevOps engineering, or release management
  • 5+ years managing enterprise-scale CI/CD pipelines in a heterogeneous technology environment
  • Demonstrated experience with automated testing at enterprise scale (functional, regression, integration, performance)
  • Experience supporting large ERP platform delivery (SAP ECC and/or S/4HANA strongly preferred)
  • Proven track record leading production cutover, failover validation, and hypercare operations for major releases
  • Required: Bachelor's degree (prefer Software Engineering, Information Systems, business or related field)
  • Preferred: Master's degree or equivalent practical experience in DevOps, software delivery engineering, or enterprise architecture
  • Preferred: Experience with SAP-specific CI/CD toolchains (SAP Cloud Transport Management (cALM or Solution Manager), ABAP Development Tools, SAP BTP CI/CD Service)
  • Preferred: Salesforce DevOps Center, Copado, or Gearset experience for Salesforce delivery pipelines
  • Preferred: Hands-on experience in regulated or SOX-controlled environments
Job Responsibility
Job Responsibility
  • Own the enterprise CI/CD pipeline strategy, architecture, and execution across all VGO platforms
  • Define and govern the enterprise automated testing strategy encompassing functional, integration, regression, performance, and security test automation
  • Establish and enforce enterprise code quality standards and automated code review practices using static analysis tooling
  • Serve as the DevOps and Release lead in the Architecture Review Board (ARB) process, assessing delivery readiness, pipeline compliance, and change risk for platform and application changes
  • Lead enterprise cutover planning, execution, and cutover command operations for major releases including SAP S/4HANA Project Phoenix wave go-lives
  • Lead and develop a global DevOps engineering team including release engineers, automation engineers, QA leads, and pipeline specialists
Read More
Arrow Right