BU Risk and Control Mgmt

Business Unit & IT Controls Management  
 

The Business Unit & IT Controls Management role will lead in the development of control programs to mitigate Operational & IT Risk. Leads and assists in the identification, evaluation, and management of operation and information technology related risks activities in accordance with key regulations, IT standards and enterprise framework.  The role will work closely with all 3 Lines of Defense (LOD), Regulatory Support and Supervisory Affairs Team, IT, Cyber, and the Business Controls Office to drive governance and execution of effective internal controls. Supports the execution of first line requirements and IT standards in accordance with the Secure Control Framework (SCF) with TIAA's Regulatory Risk Management (RRM) Program. 

Examples of components within the RRM Program include new rule/regulation implementation, External regulatory exam support, regulatory related solution implementation support and assistance in the completion of regulatory exams and Management Action Plans (MAPs).  

This role also presents reports inclusive of status, opportunities, and recommendations to management including working with the Business Controls Office to provide appropriate metrics and Key Risk Indicators (KRI) to ensure control adequacy, quality and efficacy for client services and technology organization.

Help execute on strategy to cultivate a stronger risk culture at every level of the organization.

Key Responsibilities and Duties

• Partner with technology teams to drive effective risk and control management. Work with technology and risk partners to create risk treatment and remediation plans to mitigate technology risks and govern remediation plans through completion.

• Maintains understanding and knowledge of internal control systems, risk management, compliance practices, IT standards and Financial Services regulations.  

• Establishes an integrated and collaborative relationship with first, second, and third line of defense partners from business areas, ERM, Compliance, and Audit to ensure continued compliance with ERM requirements and IT standards. 

• Supports the identification of control gaps and assist first line management in creating and documenting necessary remediation steps.

• Drive the execution of controls across various risk activities, such as, Business Continuity, Disaster Recovery, IT Regulatory exam support, IT Process and Control Mapping, and Risk Training and Education.

• Create and prepare documents and materials in support of risk management and governance reporting and meetings. Approves and presents reports of findings and recommendations to management. 

• Communicates new or revised policies, procedures, processes, and related documents to appropriate team members and/or business units.  

• Assesses the cause of gaps to understand risk drivers, themes, trends, and where similar exposures may exist in other areas of the business. 

• Ensures that required evidence and documentation is maintained within the system of record.  Coaches and reviews the work of lower level professionals.

• Leads cross-functional implementation of compliance programs Evaluates reporting policies and procedures currently in place within the organization to identify gaps and weaknesses.

Educational Requirements

• University (Degree) Preferred

Work Experience

• 5 Years Required; 7 Years Preferred

Physical Requirements

• Physical Requirements: Sedentary Work

Career Level
8IC