IT Risk Services Manager
First Commonwealth Bank

Maintains a high skill level of risk management and systems knowledge as it relates to the overall corporate technology environment. Stays abreast of new developments in the corporation's business and technology strategic and operating plans and possesses a solid understanding of the corporation's direction and goals in order to effectuate appropriate change. Accountable for Internal/External Audit and examiner preparation and response management for IT related functions as assigned. Serves as the point of contact for IT support requirements in the facilitation of the internal, 3rd party and regulatory audit request lists, tracking of the completion of management replies and the overall examination schedule. Is the liaison to work directly with the Information Security team to understand and manage the IT related requirements across the business units. Is responsible for the Business Resumption and Vendor Management obligations for IT Risk while has direct involvement for the advancement of change as presented through regulatory guidance and recommendation to include being responsible for the ongoing maintenance of the Asset Based Risk Assessment utilizing the SBS CyberSecurity TRAC solution. Is responsible for evolving the IT Risk related opportunities into the Predict 360 Governance Risk and Compliance (GRC) software product and the ongoing development and responsibilities associated in the management of the Vulnerability Management (VM) staff and processes to include being proficient in the utilization of the Qualys VM tool. Administers assigned IT provider invoicing process which includes the review, distribution and processing. Also, is responsible for the annual operating plan, the expense allocations and budgeting efforts for the assigned area. Is a member of the Operational Risk Committee and is involved in the application integration requirements presented through bank merger and acquisition (M&A) technology planning through conversion.

Essential Job Responsibilities__________________________________

1. Accountable for Internal/External Audit and Examiner preparation and response management for IT related functions as assigned. Serves as the point of contact for IT support requirements in the facilitation of the internal, 3rd party and regulatory audit request lists, tracking of the completion of management replies and the overall examination schedule.

2. Liaison to work directly with the Information Security team to understand and manage the IT related requirements across the business units.

3. Responsible for the Business Resumption and Vendor Management obligations for IT Risk.

4. Direct involvement for the advancement of change as presented through regulatory guidance and recommendation. Responsible for the ongoing maintenance of the Asset Based Risk Assessment utilizing the SBS CyberSecurity TRAC solution.

5. Responsible for evolving the IT Risk related opportunities into the Predict 360 Governance Risk and Compliance (GRC) software product.

6. Ongoing development and responsibilities associated in the management of the Vulnerability Management (VM) staff and processes to include being proficient in the utilization of the Qualys VM tool.

7. Administers assigned IT provider invoicing process which includes the review, distribution and processing. Also, is responsible for the annual operating plan, the expense allocations and budgeting efforts for the assigned area.

8. Member of the Operational Risk Committee

9. Serves as an active partner in the application integration requirements presented through bank merger and acquisition (M&A) technology planning through conversion. Develops an understanding of the process involving the software provider as it relates to acquisitions and mergers.

10. Fosters an atmosphere of cooperation and communication with other departments, vendors, and within the Technology Group. Develops and cultivates effective relationships with vendors.

11. Maintains a high-level overview of the job functions of the various positions in the corporation in order to facilitate effective communication with all users.

12. Enforces completion of assigned tasks based on the assignments, timelines, and specifications.

Bona Fide Occupational Qualifications___________________________

1. A bachelor's degree or equivalent experience is required.

2. A minimum of ten (10) years related experience in Information Systems, IT Risk and/or Information Security practices.

3. In depth technical knowledge of the assigned systems and how the technical functions relate to processing is necessary.

4. Proficient reading, writing, and grammatical skills are critical, as are analytical and mathematical skills. Excellent written and oral communication, organizational, and interpersonal relations skills are also required.

5. A valid driver's license and the ability to travel are required.

6. May be eligible for telecommuting.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)