AVP, Technology Risk Management

We are Athene. At Athene, we are driven to do more. We are a leading retirement services company that issues, reinsures and acquires retirement savings products designed for the increasing number of individuals and institutions seeking to fund retirement needs. We see every day as a new opportunity to measure ourselves against the best - and then we don't stop until we've set the bar even higher. We're ready to help you achieve more.

Purpose:
Athene is looking for an Assistant Vice President (AVP), of Technology Risk Management to join our IT Security, Risk, and Compliance team. In this role, you will be reporting to Athene's CISO and responsible leading a team of IT risk professionals to drive IT Governance, Risk, & Compliance (GRC) processes. As the senior leader, you will collaborate across IT and with our business partners to assess technology risks and ensure identified issues are tightly managed. You will work in a fun and rapidly changing environment and help shape the future of Athene's cybersecurity program. This role encompasses IT risk management, audit tracking, cybersecurity awareness, governance, and disaster recovery.

Accountabilities:

You and your team will:

• Perform due diligence on key vendors to assess and remediate 3rd party risks
• Review incoming security assessments from business partners and provide feedback on Athene's processes and controls
• Manage, track, and report on company-wide technology risks and maintain the risk register
• Partner with Athene's internal audit team and IT staff on technology audits including scoping, artifacts, and potential findings.
• Work closely with Technology management and staff, risk management groups, and cybersecurity teams to develop appropriate remediation action plans
• Partner with external auditors on SOX audits as well as adhoc audits as applicable
• Maintain and update the technology controls and cybersecurity standards and align it to industry frameworks (such as FFIEC, NIST, NYDFS)
• Perform IT risk assessments, review results, and track remediation
• Ensure compliance with cybersecurity regulatory requirements (e.g., NYDFS, 23 NYCRR 500)
• Monitor risk scores from third party services such as BitSight, Security Scorecard, etc. and follow-up on relevant findings
• Lead Athene's security awareness program including conducting annual training, phishing tests, and presentations.
• Ensure cybersecurity policies and standards are reviewed, maintained, and updated as needed
• Lead Athene's Disaster Recovery program including coordinating annual exercise schedule
• Assist with cybersecurity metrics and KPIs for governance purposes.
• Effectively coach, mentor, and direct peers, project teams, and business leaders on IT Risk Management activities
• Drive the design and implementation of GRC tools to further improve and automate our risk management processes.
• Provide ongoing consultation with business partners related to technology risk
• Participate in team, department, and division meetings as required.

Qualifications and Experience:

• Bachelor's Degree in Computer Science, Information Security, related technical field and/or equivalent work experience.
• 7+ years of experience working within an internal audit, IT risk, or IT compliance function as an internal employee or as part of a professional services firm
• Familiarity with Financial Industry Technology and Cybersecurity risk frameworks (such as FFIEC IT Booklets, NIST, COBIT)
• Proficiency in core requirements and methodologies for SOX internal control programs
• Knowledge of the regulatory environment that financial institutions must operate within
• Ability to independently analyze and determine if a suite of controls will adequately reduce inherent risks to acceptable levels
• Persistence, consistent attention to detail, and ability to meet deadlines
• Proven ability and confidence to communicate with senior executives
• Excellent personal organization, planning, negotiating, interviewing, and influencing skills
• Exceptional communications skills; to be able to inform and persuade both orally and in writing
• Firm grasp of information technology and cybersecurity risk management/governance principles, methodologies, and tools in a financial services environment;
• Experience with IT risk management operating models and three lines-of-defense frameworks,
• IT Audit experience is a plus
• Strong analytical and problem-solving skills
• Strong drive to excel professionally, and to guide and motivate others
• Excellent verbal and written communication skills and a consistent track record of building effective working relationships with internal business partners;
• Foster an efficient, innovative and team-oriented work environment

Drive. Discipline. Confidence. Focus. Commitment. Learn more about working at Athene.

Athene is a Military Friendly Employer! Learn more about how we support our Veterans.

Athene celebrates diversity, is committed to inclusion and is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, veteran status or any other status protected by federal, state or local law.