Technology Risk Lead at MassMutual
This is an opportunity to join a thriving insurance organization. Growth, innovation and a consistent focus on policyholders and customers set MassMutual apart and give us a competitive edge in the market. We consistently challenge ourselves to deliver. Help us change the future and join a team committed to excellence.
MassMutual is seeking a highly motivated and experienced professional to join the Enterprise Risk Management area. Responsibilities include identifying and overseeing operational risks inherent to technology and across the MassMutual enterprise. The ideal candidate will partner with Technology to create meaningful analysis that drives decisions on risks taken by the firm. This position requires the ability to “think outside the box,” identify emerging risks and help develop strategies to mitigate them.
Reports to: Head of Technology Risk Management
Act as a trusted and influential advisor to MassMutual’s Enterprise Information Risk (Cyber) and Technology Operations business for all technology risks impacting those business units. These groups are responsible for enterprise cyber resiliency and technology management practices for core business units.
As a seasoned technology and risk leader, you will have the opportunity to enhance the risk program and establish jointly with ETX, business and ERM peers the right set of strategy, framework, and processes, as well as define the ideal level of engagement across the groups. You will have the chance to help evolve the company technology risk posture and maturity. The position is based in Springfield or Boston area, with limited domestic travel expected.
This role will act as the Enterprise Risk Management thought leader and owner of the Cyber/Technology Operations risk appetite framework, inherent risk and residual risk measurement methodology, for both individual initiatives and programs. Responsible for partnering with other functions in ERM to integrate Cyber/Technology Operations risks into the Enterprise risk appetite framework and top risk assessment that includes the oversight and execution of the program. The candidate will form influential relationships with technology and business leaders to establish jointly with ETX, business and control peers the right set of strategy, framework, and processes, as well as define the ideal level of engagement.
The output of this work is shared with:
- The firm’s Board of Directors and Enterprise Risk Committee to enable them to have an effective risk dialogue and be able to clearly establish limits, priorities and contribute towards risk containment and mitigation strategies.
- The Operational Risk Committee (ORC), Information Security Council and management, to allow them to provide governance and oversight
- Business leaders to help them determine the level of residual risk
- Risk reduction program owners, to allow them to determine the level of risk reduction their program is achieving
Additionally, as part of the leadership team of Enterprise Risk Management, you will act as the trusted advisor to the Enterprise Information Risk and Technology Operations Business Unit and First Line of Defense (FLOD) control function on matters relating to the IT risk posture of MassMutual. More specifically, you will:
- Participate in various decision-making forums on risk assessment, quantification, risk appetite setting and risk acceptance
- Drive adoption of the risk framework within Enterprise Technology groups
- Effectively communicate independent evaluation of IT risk posture
- Develop visualization and content for reports, dashboard and monthly risk opinion
- Present the risk appetite dashboard, risk opinion and relevant metrics at the appropriate committees, articulate and defend the measures
- Drive and escalate as necessary when risk limits are breached or risk posture deteriorates
- Review and challenge risk reduction estimates provided by IT First Line of Defense, residual risk scores or risk criticality
- Review and appropriately challenge technology risk decisions, direction, and initiatives undertaken by the FLOD, IT or business, providing an independent voice to the risk management process
- Serve as liaison with other Risk disciplines, internal departments, Regulators and other external parties.
- Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices
- Conduct training of the FLOD as needed to educate stakeholders in risk management techniques, policies, etc.
- 10+ years of relevant operational/technology risk related work experience
- Experience leading and driving solutions involving multiple layers of management
- Deals with ambiguity and complexity; willingness to explore multiple solutions to a problem
- Understanding of implications of technology risks and mitigations
- Familiarity with complexities found in larger insurance and asset management companies
- Highly effective critical thinker who can apply information from disparate sources to our operations and identify the key risks and issues for management action
- Effective communicator, both written and verbal, comfortable presenting to all levels of the organization
- Strong leadership and influencing skills. Willingness to take on lead role in ambiguous situations or for activities not directly associated with well-defined operational risk responsibilities
- Strong matrix management skills. Ability to manage multiple projects across the enterprise
- Excellent interpersonal skills. Ability to work with others and lead risk-related discussions
- Bachelor's degree required
- Authorized to work in the United States without sponsorship now or in the future
Focus on the Customer: Know your customers well; add value with a sense of urgency.
Act with Integrity: Be trustworthy, adhere to high ethical standards and adhere to the letter and spirit of applicable laws, rules, regulations and company policies.
Value People: Lead people to success; appreciate diverse backgrounds, ideas and experiences.
Work Collaboratively: Partner with others to achieve results that leverage the right resources.
Achieve Results: Focus on winning; consistently exceed expectations, beat the competition.