It Starts With Our Employees
FourLeaf's ultimate goal is to provide the best-in-class member and employee experience, and it all begins with two things: hiring incredible people and giving them a great place to work.
What You’ll Do
The Senior Manager of Technology & Information Security Risk reports to the FVP Enterprise and Third-Party Risk Management (TPRM) and is responsible for the oversight and development of the Technology and Information Security Risk program and team. In collaboration with leadership, the Senior Manager develops, implements, and executes on the Technology and Information Security risk program, ensuring the required due diligence is completed for systems, applications, tools, AI models, products, services and processes in alignment with NCUA, FFIEC, NIST, PCI, NYDFS and cybersecurity best practices, in addition to providing key support for audits and exams.
Core Contributions
- Manage and develop the Technology & Information Security Risk team, fostering a team driven by service and efficiency through leadership and training, ensuring deliverables are accurate, timely and consistent with the established Risk program and strategic direction. Develop and execute a plan for individual and team education. Supervise activities to ensure adherence to policy, procedures, and regulatory requirements.
- Identify key metrics (KRIs) for monitoring current and emerging Technology, Cyber and Information Security risk in the Credit Union’s GRC system, using a combination of quantitative and qualitative analysis for leadership and board reporting. Monitor, measure and track risk indicators for exposure, working with IT, Cyber Security, Transformation and First Line Risk Leaders to ensure recommendations, controls and mitigation steps are appropriately documented.
- Collaborate with Enterprise & Third-Party Risk Management Leaders and team, in addition to legal, compliance, and internal audit, on risk-related matters, regulatory changes and compliance risk issues. Partner with leaders, business areas, the first line of defense team and CUSOs to ensure documents and artifacts are developed, managed and updated in accordance with Enterprise Risk policies and framework (i.e. contracts, policy, procedures, standards, change control log, etc.).
- Develop and conduct annual, new product, service, project and ad hoc risk and control assessments for technology, cyber, and information security systems, infrastructure, architecture, data setup and lineage, AI models and third-party relationships, in addition to overseeing the assessment process for the credit union CUSOs. Act as the lead for Risk Management on New Product, Service and Project Assessments related to Technology and Information Security. Work closely with credit union leadership, business areas and external parties on recommendation and implementation of risk mitigation strategies to address any identified risk-related issues.
- Prepare and present risk reports to senior management, the Enterprise Risk Management Committee and/or the Information Security Committee, highlighting key risk exposure, trends and mitigation actions. Manage the preparation of the monthly, quarterly, annual, and ad hoc reports and presentations for the Chief Legal and Risk Officer, First Vice President Enterprise and Third-Party Risk Management, Enterprise Risk Management Committee, Asset Liability Risk Management Committee and Board.
- In collaboration with Risk leadership, develop and manage a comprehensive Business Continuity program and framework ensuring the Credit Union’s critical technology, data and infrastructure can be restored in accordance with RTO / RPO objectives in the event of an incident, in addition to managing the day-to-day deliverables of the Business Continuity Program Manager.
- Ensure adherence to applicable regulatory frameworks including: NCUA Part 748 (Security Program, Suspicious Activity Reports), FFIEC IT Examination Handbook, NYDFS, GLBA, PCI-DSS, and other relevant data security laws. Act as the key contact for Risk on any internal, external audit or exams as it pertains to Technology and Information Security Risk.
- Oversee the management, monitoring, and maintenance of Reportable Events (issues, incidents, and losses) for technology and information security related events for root cause analysis, action planning and resolution as the second line of defense.
Assets You Will Bring
- Bachelor’s Degree; preferably in business, risk management, information systems, technology, cybersecurity or equivalent work experience and certifications.
- 10+ years of experience in one or more of the following: IT risk, Enterprise Risk, Information Security, Business Continuity, Third-Party Risk or IT audit, preferably within a credit union or financial institution.
- Strong knowledge of general IT controls, penetration testing, cybersecurity principles, and risk frameworks (e.g., NIST, ISO 27001, COSO).
- Certifications / credentials similar or equivalent to CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRCM or other regulatory risk certifications are all preferred.
- Proficiency in Microsoft Office Suite.
- Proficiency in risk assessment tools, GRC platforms, and reporting systems.
- Excellent written and verbal communication skills; ability to convey complex technical risks to non-technical audiences.
- Strong knowledge of vendor management practices, technology risk, SOC controls, and contract language.
- Strong knowledge of Third Party and Technology risk management frameworks, methodologies, and tools.

The estimated salary for this role is $114,647 - $143,308 annually. (FourLeaf Federal Credit Union provides a range of benefits with various enrollment periods, including medical, dental, and vision coverage, a 401K plan with employer match, reimbursement programs, wellness programs, and an annual performance-based bonus.)
What Sets Us Apart?
Along with a comprehensive benefit package, we offer:
- Competitive 401k
- Tuition reimbursement
- Flexible work options
- Volunteer opportunities
- Water Cooler Chats with executive teammates
- Clubs & Sports
- Food truck days
- …and more!
Who is FourLeaf?
FourLeaf Federal Credit Union (FourLeaf) has been committed to the financial well-being of our members for over 80 years. Through our full range of competitive savings and loan products, you can trust us in every step of your financial journey. From applying for a credit card to closing on your mortgage to opening your child’s first savings account, FourLeaf is here to help you reach your financial goals.
We are proud to be an award-winning place to work! Some of our recent recognitions include Certified Great Place to Work 2024-2025, America’s Greatest Midsize Workplaces 2025, Quantum Workplace Employee Voice Award 2024, and Fortune’s Best Workplaces in Financial Services & Insurance 2024.
As a credit union, our vision is to enrich the lives of our members, employees, and communities. Since 2002, we have been an integral community partner through our charitable giving and community development programs in New York and beyond.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.