Director, IT ERM Risk Assessment & Risk Appetite Program Lead

  • Company: TIAA
  • Location: Peconic, New York
  • Posted: June 21, 2018
  • Reference ID: 1711618
Job Description



As long as there are people who make the world a better place, we'll keep making a difference for them. Since 1918, it has been TIAA's mission to serve those who serve others. It is this mission and the values we embrace that make us a different kind of financial services organization.


When you work here at TIAA, you're not just in it for yourself. You are part of something bigger. A collective mission to make a difference - a collective mission we make our own.


To be difference makers.


For more information about TIAA, visit our website.




This Second Line of Defense position is responsible for the coordination of the execution/challenge of the Enterprise IT/Data Risk and Control Self-Assessment program with the IT First Line of Defense including monitoring the accuracy of the details in our GRC tool.  The role will also assist with the collection of information and data as inputs for the identification and maintenance of Risk Appetite for IT.  The role will support the Head of Enterprise Risk Management IT/Data with the communication to the business Chief Risk Officer Teams regarding inherent/residual IT Risks and Controls.  The role is also responsible for coordination of the Subsidiary Governance oversight and collection of evidence for the IT owned subsidiaries.




  • Support the Second Line of Defense Challenge for the ongoing IT/Data RCSA, including facilitating and executing on the Risk Management Index and QA of the data in the GRC tool.

  • Assisting with the monitoring of the Risk Appetite for the IT/Data Risks based on direction and feedback from the business CRO Teams and business leaders.

  • Working with the IT/Data First Line of Defense identifying and maintaining the IT KRIs (Key Risk Indicators) and KCIs (Key Control Indicators) and reporting on their progress regularly.

  • Ensuring that all data that supports accurate recording of Inherent Risk and Control strength is included in the analysis and the GRC tool.

  • Monitoring incidents and issue management to ensure that the impact on risks and control strengths is accurately portrayed in the GRC tool.




  • Bachelor’s degree is required.
  • At least five years of Technology Risk or Control Management/Assessment experience, or Technology Audit experience, is required.

  • Knowledge of IT infrastructure and application development is required.

  • Experience with IT Risk and Control Frameworks and leveraging them to ensure completeness of analysis around IT risk identification and Control Strength assessment is required. 

  • Graduate degree in Business or Computer Science or Engineering is preferred.

  • Experience managing a team is preferred.
  • Experience applying IT Risk Management practices to Financial Services or Insurance companies is preferred.  

  • Experience as a Program/Product Manager is preferred.

  • Experience with creating risk/controls reporting is preferred.



Equal Employment Opportunity is not just the law, it’s our commitment. Read more about the Equal Employment Opportunity Law.


If you need assistance applying due to being visually or hearing impaired, please email Careers Help.

This organization is an equal employment opportunity (EEO) employer, dedicated to maintaining a work environment free of bias, harassment, discrimination and retaliation. As an EEO employer, this organization expressly prohibits discrimination, harassment, and retaliation on the basis of race, creed, ethnicity, color, age, religion, sex, sex stereotype, pregnancy (including childbirth, breastfeeding or related medical conditions where applicable), sexual orientation, gender, gender identity, gender expression, transgender, marital status, national origin, ancestry, physical or mental disability, requesting a reasonable accommodation based on mental or physical disability, medical condition (as defined by applicable law), genetic history and information, citizenship status, military or veteran status, or any other status protected by federal, state, or local law or ordinance or regulation (collectively referred to here as “protected characteristics”).


*©2016 Teachers Insurance and Annuity Association of America (TIAA), 730 Third Avenue, New York, NY 10017


