Manage the development, maintenance, and ongoing enhancement of the enterprise Data Risk Management framework, policies, standards, procedures, and control expectations, aligned with industry-recognized frameworks such as DAMA-DMBOK and the EDM Council’s DCAM.
Maintain and evolve the data risk and control taxonomies, ensuring consistency with operational risk, compliance risk, and technology risk frameworks.
Oversee the development and use of risk management technologies and tooling used to inventory critical data assets, track data risks, controls, issues, and remediation activities.
Participate in or support enterprise governance forums, committees, and working groups related to data risk, providing independent risk perspectives and recommendations.
Develop and deliver training and awareness related to the Data Risk Management program and expectations.
Support the development and maintenance of data risk appetite or tolerance statements, thresholds, and limits in alignment with enterprise risk appetite and regulatory expectations.
Design, implement, and monitor key risk indicators (KRIs), key performance indicators (KPIs), and key control indicators (KCIs) to measure data risk exposure and program effectiveness.
Analyze trends, emerging risks, and control performance related to data risk concepts.
Develop and maintain data risk assessment methodologies, including inherent risk identification, control evaluation, residual risk determination, and escalation criteria.
Execute the second line of defense enterprise-level data risk profile assessment to measure compliance with approved risk appetite or tolerance.
Embed data risk considerations and requirements into other risk domain assessments (e.g., operational risk, AI risk, model risk, third-party risk, privacy, and technology risk).
Identify emerging data risks related to data quality, integrity, lineage, access controls, aggregation, retention, regulatory reporting, and customer impact.
Provide effective independent review and challenge of first-line data risk assessments, control design, mitigation strategies, and risk acceptance decisions.
Execute and/or oversee quality assurance (QA) activities to assess adherence to data risk management policies, standards, and governance requirements.
Identify gaps, weaknesses, or inconsistencies in data risk practices and ensure issues are documented, escalated, and tracked through remediation.
Partner with other second-line risk domains to deliver integrated, holistic risk oversight of data-enabled processes, analytics, and products.
Develop and deliver insightful, enterprise-level data risk reporting that clearly communicates risk posture, trends, emerging issues, and program health.
Prepare materials for senior management, governance committees, and external stakeholders that drive informed decision-making and timely action.
Lead regulatory exam support, internal audits, and management self-assessments related to data governance and data risk management.
Serve as a trusted risk advisor to first-line leaders across Product Management, Technology, Data Governance, Analytics, and Business Operations, including data owners, stewards and custodians.
Requirements
Bachelor’s degree or equivalent experience.
12 years of experience in operational risk management, data risk management, data governance, technology risk, or a related discipline within financial services or another highly regulated industry.
Direct experience supporting or leading data risk management, data governance, or data control programs.
Strong working knowledge of industry-recognized data management and risk frameworks, including DAMA-DMBOK and DCAM.
Experience designing or executing risk assessments, governance frameworks, metrics, and reporting for complex risk domains.
Excellent written and verbal communication skills, with the ability to clearly explain data risks to technical and non-technical stakeholders.
Strong analytical skills, sound judgment, and attention to detail.
Proven ability to work independently, manage multiple priorities, and influence across a matrixed organization.
Risk management, data, technology, or audit certifications (e.g., CDMP, CRISC, CISM, CIA, or similar).
Benefits
Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave
Maven Family Planning – Provides support through your parenting journey, including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.