AVP, GRC

Overview:

POSITION SUMMARY:

The Associate Vice President Governance, Risk & Compliance (GRC) role supports the VP, GRC, in overseeing a comprehensive set of Bayview's Information Technology compliance functions. These functions include audit facilitation, risk management, policies/procedures, governance, technology, monitoring, compliance, and business resilience.

Essential DUTIES AND RESPONSIBILITIES:

1. Supports the VP, GRC, in managing the implementation, use, and maintenance of a Governance Risk and Compliance (GRC) system for the tracking and resolution of control issues, according to severity and potential impact to the organization.
2. Supervises GRC risk assessment processes addressing threats, identifying mitigating controls, and implementing additional controls to address residual risks.
3. Facilitates the creation, maintenance, and modification of policies, procedures, and operating standards in response to regulatory and customer requirements, and ensures all related IT policies are updated based on any relevant regulatory changes or new laws.
4. Oversees an inventory of regulatory, commercial, risk, and organizational compliance requirements.
5. Facilitates audits, reviews, and surveys annually from diverse external audiences (i.e., customer, investor, regulator).
6. Supports the development and directs IT control monitoring programs to ensure GRC-related risks are managed to a level of acceptable residual risk.
7. Supports the VP, GRC, in reporting the levels of GRC risk and control effectiveness to key stakeholders (IT management, senior management, legal, etc.).
8. Provides technological advice and insight on compliance requirements to non-IT leaders (senior management, HR, legal, etc.) such as the general counsel, compliance officer, etc.
9. Works with general counsel and compliance representatives to identify all related GRC requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
10. Manages a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes, and/or compliance controls.
11. Conducts necessary GRC control monitoring and testing activities to determine the effectiveness of the controls.
12. Oversees the remediation of IT control deficiencies.
13. Supports the development of peers and other key stakeholders in strong cybersecurity governance, risk management, and compliance practices.
14. Evaluates any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology NIST, etc.) or internal standards (e.g., code of conduct and acceptable use) to determine the relevant GRC requirements and controls.
15. Identifies any gaps between the desired level of control maturity and the current level of control maturity.

SKILLS/KNOWLEDGE/ABILITIES:

1. Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.
2. Proven leadership ability that is accountable for the performance of a team.
3. Ability to set and manage priorities judiciously.
4. Ability to present ideas in business-friendly and user-friendly language.
5. Exceptionally self-motivated, directed, and detail-oriented.
6. Superior analytical, evaluative, and problem-solving abilities.
7. Ability to motivate in a team-oriented, collaborative environment.

EDUCATION and EXPERIENCE:

1. Undergraduate degree in the field of law, computer science, or business administration; graduate degree in one of these fields preferred.
2. 5 years' experience working in the financial services industry.
3. 10 years' experience managing IT Security functions in a corporate setting.
4. 5 years' experience managing IT audits/compliance in a corporate setting.
5. Proven experience developing and submitting IT audit and compliance reports to governing bodies, legal entities, and/or external authorities.
6. Experience in planning, organizing, and developing information technology policies, procedures, and practices.
7. Direct experience and knowledge of national, state, provincial, and local information technology laws and regulations, including FFIEC, SOX, CFPB, SEC, etc.
8. Strong communication skills (written and oral), particularly with government/legal agencies and external/internal auditors.
9. Demonstrated ability to apply IT-related knowledge and experience in solving IT Security and compliance issues.
10. General knowledge of business theory, business processes, management, budgeting, and business office operations.
11. Understanding of computer systems and integration capabilities.
12. Solid understanding of project management, data analytics, and reporting principles.
13. Ability to translate understanding of the organization's goals and objectives into compliance requirements.

Certifications, Licenses, and/or Registration:

Industry-related legal, compliance, information security, or business continuity management certification is preferred (i.e., CISA, CRISC). CISSP, CISM, or similar certification required.

Physical Demands and Work Environment:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch, or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus. The noise level in the work environment is usually moderate.

EEOC:

Bayview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence, and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.