AVP, GRC
Bayview Asset Management
2024-11-05 18:42:07
Miami, Florida, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Overview:
POSITION SUMMARY:
The Associate Vice President, Governance, Risk & Compliance (GRC) role supports the VP, GRC, in overseeing a comprehensive set of Bayview's Information Technology compliance functions. These functions include audit facilitation, risk management, policies/procedures, governance, technology, monitoring, compliance, and business resilience.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Supports the VP, GRC, in managing the implementation, use and maintenance of a Governance Risk and Compliance (GRC) system for the tracking and resolution of control issues, according to severity and potential impact to the organization.
Supervises GRC risk assessment processes addressing threats, identifying mitigating controls, and implementing additional controls to address residual risks.
Facilitates the creation, maintenance and modification of policies, procedures and operating standards in response to regulatory and customer requirements and ensures all related IT policies are updated, based on any relevant regulatory changes or new laws.
Oversees an inventory of regulatory, commercial, risk and organizational compliance requirements.
Facilitates audits, reviews and surveys annually from diverse external audiences (i.e., customer, investor, regulator).
Supports the development and directs IT control monitoring programs to ensure GRC-related risks are managed to a level of acceptable residual risk.
Supports the VP, GRC, in reporting the levels of GRC risk and control effectiveness to key stakeholders (IT management, senior management, legal, etc.).
Provides technological advice and insight on compliance requirements to non-IT leaders (senior management, HR, legal, etc.), such as the general counsel, compliance officer, etc.
Works with general counsel and compliance representatives to identify all related GRC requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
Manages a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
Conducts necessary GRC control monitoring and testing activities to determine the effectiveness of the controls.
Oversees the remediation of IT control deficiencies.
Supports the development of peers and other key stakeholders in strong cybersecurity governance, risk management, and compliance practices.
Evaluates any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology (NIST), etc.) or internal standards (e.g., code of conduct and acceptable use) to determine the relevant GRC requirements and controls.
Identifies any gaps between the desired level of control maturity and the current level of control maturity.
SKILLS/KNOWLEDGE/ABILITIES:
Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.
Proven leadership ability that is accountable for the performance of a team.
Ability to set and manage priorities judiciously.
Ability to present ideas in business-friendly and user-friendly language.
Exceptionally self-motivated, directed and detail-oriented.
Superior analytical, evaluative and problem-solving abilities.
Ability to motivate in a team-oriented, collaborative environment.
EDUCATION and EXPERIENCE:
Undergraduate degree in the field of law, computer science or business administration; graduate degree in one of these fields preferred.
5 years' experience working in the financial services industry.
10 years' experience managing IT Security functions in a corporate setting.
5 years' experience managing IT audits/compliance in a corporate setting.
Proven experience developing and submitting IT audit and compliance reports to governing bodies, legal entities and/or external authorities.
Experience in planning, organizing and developing information technology policies, procedures and practices.
Direct experience and knowledge of national, state, provincial and local information technology laws and regulations, including FFIEC, SOX, CFPB, SEC, etc.
Strong communication skills (written and oral), particularly with government/legal agencies and external/internal auditors.
Demonstrated ability to apply IT-related knowledge and experience in solving IT Security and compliance issues.
General knowledge of business theory, business processes, management, budgeting and business office operations.
Understanding of computer systems and integration capabilities.
Solid understanding of project management, data analytics and reporting principles.
Ability to translate understanding of the organization's goals and objectives into compliance requirements.
Certifications, Licenses, and/or Registration
Industry-related legal, compliance, information security or business continuity management certification is preferred (i.e., CISA, CRISC).
CISSP, CISM or similar certification required.
Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.
EEOC
Bayview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.