Information Security and Technology Risk Manager job at Mizuho Financial Group in New York City, NY
Title: Information Security and Technology Risk Manager Location: New York City New York United States time type: Full time job requisition id: R6815 Job Description: Non-Financial Risk (NFR) Mizuho's Non-Financial Risk (NFR) team provides independent oversight and credible challenge of the firm's IT and Information Security risk program, partnering with 1st line of defense teams to strengthen the control environment. We are a growing, collaborative team that values intellectual curiosity and a forward-thinking approach to risk management. This hybrid role (in-office/remote) offers high visibility across the enterprise, with direct engagement with senior leadership, governance committees, and business partners across Mizuho U.S. Operations. We are looking for an experienced Risk Manager for Information Security and Technology to drive a consistent 2nd line of defense approach to identifying, assessing, and reporting Information Security and Technology risks across the firm's lines of business. The ideal candidate will bring a forward-thinking mindset, with a strong interest in leveraging artificial intelligence and workflow automation to enhance risk management processes and drive operational efficiency. Candidates with Big 4 IT audit, risk advisory, or technology consulting backgrounds are strongly encouraged to apply. This role offers a clear growth trajectory as the team and program continue to scale. Principal Duties and Responsibilities Support oversight and credible challenge activities by leading the review of risks and impacts identified by 1st line control owners and providing independent assessments to senior management. Review and assess Information Security and Technology policies and standards, formulating observations and actionable recommendations for management. Collaborate with business partners to develop, maintain, and refine Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for Information Security and Technology risk. Conduct risk assessments, deep dives, and gap analyses and document findings and identified control enhancement opportunities, including Risk and Control Self-Assessment (RCSA) validation. Track remediation plans for risk events and issues; coordinate with action owners to collect and evaluate remediation evidence and report progress to management. Support and present to governance committees, management, and business partners by preparing materials, delivering analysis, and driving follow-up actions. Develop an understanding of business processes and objectives to independently identify opportunities to strengthen the control environment. Provide review and challenge to Non-Financial Risk framework initiatives, such as Internal Control Testing and Scenario Analysis, by performing assigned analyses and documentation tasks. Identify opportunities to leverage AI, automation, and emerging technologies to streamline risk management workflows, including evidence collection, risk reporting, control testing, and remediation tracking; evaluate and recommend tools and approaches with appropriate governance considerations. Maintain awareness of Information Security, Technology, AI governance, and regulatory developments and escalate relevant observations to management for discussion, support outreach, communication, and training efforts across business lines.
Qualifications
Bachelor's degree in computer science, engineering, MIS, information assurance, or a related field preferred. Equivalent professional experience will be considered. Professional skepticism, sound judgment, and a steady temperament, with strong analytical and communication skills; able to identify emerging risks, distill complex issues, and engage effectively across all levels of the organization. Self-directed and highly organized, with strong project management skills and the ability to prioritize competing demands within defined SLAs. 3+ years of experience in Technology Risk, IT Audit, Information Security, risk advisory, or related field, with practical knowledge of security principles and risk management. Interest in or exposure to AI tools and workflow automation for risk management processes is a plus. Familiarity with information security and technology frameworks and industry best practices, such as FFIEC, ISO, NIST, COBIT, ITIL, SOX, SOC 1/SOC 2, or COSO. Financial Services or Banking experience preferred. Big 4 IT audit, risk advisory, or technology consulting experience is highly valued. CISSP, CRISC, CISA, CISM, or CCSP certifications a plus. The expected base salary ranges from $137,500 - $185,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including Medical, Dental and 401K plans, successful candidates are also eligible to receive a discretionary bonus. #LI-Hybrid Other requirements Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process. Company Overview Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com. Mizuho Americas offers a competitive total rewards package. We are an EEO/AA Employer - M/F/Disability/Veteran. We participate in the E-Verify program. We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law. #LI-MIZUHO Apply tot his job Apply To this Job