Managing Director IT FLCO - Infrastructure Risk Lead

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.  

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

The Managing Director, Front Line Controls Officer will play a critical leadership role in overseeing and strengthening the bank’s technology and infrastructure control environment. This individual will lead a high-performing team or technology risk professionals and serve as a risk partner to the bank’s leadership over Infrastructure, Project Management, and Architecture to ensure that technology risks are proactively identified, assessed, and mitigated across the enterprise. Areas of focus include Infrastructure Management, Cloud Security and Operations, Identity and Access Management (IAM), Secure SDLC, Agile Delivery, and Project Governance and Execution.

Key responsibilities include building and maintaining a comprehensive control inventory, enhancing the risk and control self-assessment (RCSA) program, and ensuring alignment with internal policies, regulatory requirements, and industry best practices. The role will also provide risk partnership for key technology processes, including cloud security and configuration, asset management, secure SDLC, patch management, incident and problem management, capacity planning, database management, identity access management, and modern DevSecOps practices. The ideal candidate will bring deep expertise in technology risk management and internal controls within the banking sector that enable the candidate to serve as the "voice of risk" in strategic infrastructure initiatives and large-scale, high-visibility regulatory remediation programs.

Key Responsibilities

• Leadership & Strategy: Oversight and management for multiple Technology Front Line Unit (FLUs) aligning with the vision and objectives set by the Chief Controls Officer and the IT First Line Controls Officer.  Lead and develop a high-performing team of risk professionals, fostering a culture of accountability, continuous improvement, and proactive risk ownership.  Leverage agile principals to operate transparently.
• Controls Design & Inventory: Collaborate with the Technology Front Line Unit to design, implement, and maintain effective controls that mitigate identified risks across infrastructure, cloud, IAM, SDLC, and project management domains. Leverage technical expertise and industry knowledge to build and maintain a comprehensive control inventory, ensuring traceability to risks, regulatory requirements, and internal policies. 
• Proactive Oversight: Drive the early identification of control issues, emerging risks, and process deficiencies. Lead root cause analysis and oversee the development and execution of robust, sustainable remediation plans to address control gaps and prevent recurrence.  Analyze risk data to assess likelihood, impact, and trends, and provide actionable insights to senior leadership.
• SDLC Engagement: Partner closely with Enterprise Architecture and the Project Management Office to support risk-informed decision-making across the technology development lifecycle; serve as “voice of risk.”  Effectively integrate into key tollgates to provide strong risk support.  Foster a culture of “shifting left” and provide counsel informed by industry leading practices on Infrastructure as Code, secure CI / CD pipelines, and modern patch management.
• Cloud Partnership:  Perform risk evaluations of material changes in infrastructure, cloud, and networking environments, including new cloud services and architectural patterns. Maintain ongoing engagement with cloud operations teams and ensure new services and configurations are appropriately secured.
• Infrastructure and Availability:  Evaluate the risk impact of incidents and problems on the control environment and recommend enhancements to prevent recurrence.  Provide governance and oversight of patch management programs, ensuring timely remediation of vulnerabilities and alignment with risk appetite.
• RSCA Program Management: Lead the execution and documentation of RSCA processes across the respective Front Line Units (FLUs) to ensure it aligns with regulatory requirements and industry best practices. Assist with designing and enhancing the RCSA program, ensuring compliance with internal policies, industry best practices and regulatory requirements.
• Reporting & Communication: Develop and deliver executive-level reporting that highlight risk trends, control effectiveness, and areas requiring attention.
• Continuous Improvement: Evaluate and improve the overall risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
• Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the risk management program.
• Compliance Assurance: Ensure adherence to applicable regulations and banking standards, partnering closely with Compliance, Internal Audit, and other control functions.

Skills, Experience and Qualifications Required:

• Education:
  • High school diploma or GED required.
  • Bachelor’s degree in Technology, Risk Management, or a related field, preferred.
  • Advanced degree and/or risk certifications preferred (CISA, CISSP, CCSP, PMP, etc.)

• Experience:
  • 10+ years of experience in risk management, operational risk, or internal audit within the banking or financial services industry.
  • Substantial experience in leading RCSA, internal audit, or similar assessment/testing programs.
  • At least 5 years in a senior leadership role, demonstrating the ability to effectively lead and develop a team.

• Knowledge:
  • Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
  • Strong familiarity with software-defined networks, cloud security posture management, zero trust network principals, and cloud access security brokers.
  • Strong understanding of operational risk management techniques and control assessment methodologies.
  • In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.

• Skills:
  • 10+ years of experience in technology risk, operational risk, information security, or audit in a regulated financial or technology-driven environment.
  • Deep understanding of technology risk frameworks for infrastructure, cloud, cybersecurity, service management, and delivery (e.g., NIST, ISO, FFIEC), CRI/CRI Profile, and risk rating methodologies.
  • Experience with cloud operations, Infrastructure as Code (IaC), enterprise architecture, asset management, change management, database management, identity and access management, configuration management, network security, capacity management and FinOps, problem and incident management, agile software delivery, DevSecOps, and project management.
  • Proven experience interfacing with regulators (e.g., OCC, FRB, SEC) and audit functions.
  • Exceptional written and verbal communication, influencing, and negotiation skills at senior executive levels.
  • Ability to translate complex technical risks into clear business language.
  • Experience managing high-performing risk or compliance teams.
  • Strong judgment, discretion, and an ability to operate in fast-paced, ambiguous environments.
  • Strategic thinker with a practical orientation toward execution and results.

The estimated salary range for this position is $180,000.00 to $225,000.00. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

#LI-Hybrid

#LI-FO1

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.