Director, Operations & Technology Risk

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.

When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.

Join Visa: A Network Working for Everyone.

Job Description

Team Summary

Technology Risk Management plays a critical role in Visa’s three lines of defense, providing oversight of Visa’s Technology and Cybersecurity functions. The team performs a wide range of services including risk assessment, controls monitoring and testing, and governance.

What a Director of Technology Risk Management does at Visa

The Director will be responsible for aligning risk management activities with Visa’s overall enterprise risk framework.  An entrepreneurial and innovative mindset is required for this fast paced, and constantly evolving role.  The ideal candidate will be able to leverage our advanced risk data analytics capabilities with deep applications, technology, and risk knowledge.  Bring your design and development, infrastructure, or technology risk experience to help improve risk management functions and programs, such as Technology, Development, Testing, Data Integrity, Client Services, and IT Disaster Recovery.  Drive the efficient assessment of risk, and ensure appropriate and rapid escalation of those risks as necessary. The candidate must have a deep understanding of technology risks and controls, particularly data integrity and availability and reliability risks.  In addition, the candidate will enhance ways of communicating risks to senior and executive leadership. The candidate will collaborate with other team members involved in the overall process, and will help to ensure that risks are processed and evaluated timely. This is an exciting opportunity for a technology risk leader to make key contributions to help transform Visa's Technology Risk Function.

Key responsibilities for this role include:

  • Support the risk governance processes covering the Technology teams (control assessments, risk committees, risk appetite, key risk indicators, risk acceptances, risk register, risk remediation action tracking) identifying and remediating inefficiencies in the process as necessary.  The Director will be responsible for aligning risk management activities with the overall enterprise risk framework.

  • Capture and manage risks, processes, and controls raised by Technology either in response to identified vulnerabilities, incidents or formal controls assessment processes

  • Lead and/ or execute risk assurance reviews and assessments across the key technology projects, processes, systems and applications.  Provide second line of defense oversight of Technology control programs and reporting

  • The role will collaborate with other risk management functions and programs, such as Operations and Infrastructure, Corporate IT,  and IT Disaster Recovery, to drive the efficient assessment of risk, and ensure appropriate and rapid escalation of those risks as necessary. 

  • Establish and produce management reporting in support of the various activities within the technology and operational risk management governance framework

  • Support Global Operations and Technology Risk Management in developing the maturity of risk management activities and provide thought leadership as required

  • Provide technology controls and risk advice to the Technology team and liaise with other controls experts across the organization as appropriate (e.g. business continuity, disaster recovery)

  • Champion best practices for effective risk management including controls monitoring.

  • Collaborate with colleagues in Second Line of Defense and also with Internal Audit

  • Support a culture of risk transparency and effective challenge

  • Monitor reviews on compliance to industry standards including PCI DSS, FFIEC Architecture, Infrastructure and Operations Handbook, and other

  • Support the global Technology risk program and framework.  Identify and communicate risks through the governance process. Attend and provide information on risk assessment at governance and leadership meetings

  • Provide education and tools to the process owners to support self-assessment, measurement, reporting and management of operational and technology risk

  • Drive updates to the Operational Risk Sub-Committee, and other Risk committees, as required to support Operations and Technology Risk

  • Identify opportunities to implement automation that will reduce manual risk assessment tasks.  Create requirements, functional specifications, and perform UAT for control domains, and other risk reporting, to support the digitization of Operational and Technology Risk through the Risk Data Lake

  • Lead other domain experts to Create requirements, functional specifications, and perform UAT for control domains, and other risk reporting, to support the digitization of Operational and Technology Risk through the Risk Data Lake

This position will report directly to the Senior Director of Technology Risk Management.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays with a general guidepost of being in the office 50% of the time based on business needs.

Qualifications

Basic qualifications:

  • 10 or more years of work experience with a Bachelor’s Degree or at least 8 years of work experience with an Advanced Degree (e.g. Masters/ MBA/JD/MD) or at least 3 years of work experience with a PhD in Information Security, Risk Management, or Compliance

Preferred qualifications:

  • Demonstrate proven success in a role that emphasizes managing various technical aspects of the following: IT Audits, IT Risk Management, Information Security and/or Technical Privacy
  • Thorough understanding of software development lifecycles (SDLC), secure software development lifecycles (SSDLC), systems architecture and controls framework
  • Excellent relationship management and collaboration skills and ability to provide appropriate challenge to Technology colleagues on control design and operation and the tracking of any agreed remediation activities
  • Understanding of regulation, policy and standards applicable to the technology control environment
  • Excellent knowledge of technology risk and control taxonomies, information security, risk management and the industry standard frameworks (ISO27001, NIST, FFIEC AIO Handbook, PCI, ISO/IEC 27034, COSO, COBIT)
  • Strong background in technology, with good understanding of infrastructure platforms, architecture and ITIL processes
  • Ability to convey technology risk management concepts to both technical and non-technical audiences. The candidate must be able to translate technology risks to business impacts
  • Knowledge of availability (e.g. incident and change management, capacity management), and business continuity risks and controls
  • Ability to facilitate group discussions and debate across functional lines and levels
  • Experience creating specifications, requirements, and use cases for Risk based reporting, controls, and automation

COLORADO APPLICANTS ONLY: The estimated salary range for a new hire into this position in Colorado is 109800 USD to 142800 USD. Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for annual bonus and equity.

Visa has a comprehensive benefits package for which this position is eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.

Additional Information

Visa has adopted a COVID-19 vaccination policy to safeguard the health and well-being of our employees and visitors. As a condition of employment, all employees based in the U.S. are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law.

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

Privacy Policy