Natixis CIB North America

Information Technology Risk 1LoD lead

Natixis CIB North America, New York, New York, US, 10261


Position and Responsibilities

We are seeking a highly skilled and experienced Director of Technology Risk LoD1 and Software Asset Management lead to play a critical role in safeguarding Natixis CIB Americas IT and ensuring compliance with industry regulations.

They will serve as the primary interface for the LoD1.1 Group (BPCE Group and Natixis CIB at Head Office) and LoD2 (CISO, Operational Risk and Compliance) in relation to IT risk taxonomies and categories for LoD1 (Line of Defense 1).

This executive role is vital for ensuring the security and compliance of our Natixis CIB Americas IT, managing software assets effectively, and mitigating risks associated with information technology operations.

The successful candidate will possess a deep understanding of IT risk frameworks, software licensing agreements, and industry best practices. You will be responsible for implementing the Group IT Risk Management (ITRM) Framework, tailoring it to meet specific business or geographical needs, and leading initiatives to assess and enhance IT risk controls for the Natixis CIB Americas platform in coordination with the overall IT department.

Leadership and Strategy

Strengthen the IT risk management strategy in alignment with Head Office (BPCE Group and Natixis CIB), the organization’s goals, and compliance requirements.

Lead the Software Asset Management (SAM) program, including process optimization, governance frameworks and contributing to the associated policy managed at LoD2.

Risk Assessment

Participate in and/or conduct regular risk assessments, vulnerability assessments, and audits to identify potential IT risks and recommend appropriate controls and mitigations.

Oversee and assist with the identification, analysis, and prioritization of risks associated with IT systems, software applications, and third-party vendors.

Procedure and Runbook Development

Establish and maintain IT risk management procedures and any associated runbooks in accordance with industry regulations and best practices.

Ensure software asset management procedures and runbooks are effectively communicated and enforced across the organization.

Software Asset Management (SAM)

Oversee the lifecycle of software assets from acquisition to retirement, ensuring compliance with licensing agreements and optimizing software usage in alignment with Head Office processes.

Conduct daily health checks and completeness checks for all software assets in the IT Asset Management (ITAM) system.

Coordination and Collaboration

Coordinate the ITAM Annual Recertification process to ensure ongoing compliance and accuracy of software assets with the IT asset owners.

Liaise with relevant stakeholders to facilitate IT controls review and reporting, ensuring all controls are met and documented.

ITAM Tool Management

Participate in ITAM tool feature enhancements to improve functionality and ensure the tool meets organizational needs, especially in the SAM area.

Manage enhancement requests for the ITAM tool, working with IT teams to prioritize and implement improvements.

Monitoring and Reporting

Perform random sampling of the End-of-Life (EOL) remediation tracking PowerApp to ensure compliance and effectiveness.

Prepare risk and controls reporting, including controls, Data Risk Strategy (DRS), and operational risk reports for senior management.

Submit risk acceptances for CIO Office needs, ensuring proper documentation and justification for any exceptions.

Security and Compliance

Coordinate the implementation and knowledge transfer related to Multi-Factor Authentication (MFA) for appropriate applications to enhance security measures.

Oversee ITAM controls operations to ensure adherence to established policies and procedures.

Training and Awareness

Develop and implement training programs to educate employees on IT risk management practices and software licensing compliance.

Foster a culture of accountability and awareness around IT risk and asset management within the organization.

Continuous Improvement

Stay current with industry trends, regulations, and emerging technologies related to IT risk management and software asset management.

Drive continuous improvement initiatives to enhance risk management processes and software asset utilization.

The salary range for this position, at Director level, will be between $185,000 and $205,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skill set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual.

Profile and Required Skills

Bachelor’s degree in a related field.

10+ years of IT experience specializing in risk management and software asset management, with a history of progressive leadership.

Extensive knowledge of IT risk frameworks (NIST, ISO 27001, FFIEC) and software licensing for compliance and asset management.

Relevant certifications (e.g., CRISC, CDPSE, CSAM) preferred.

Experience in regulated environments, adhering to compliance frameworks for banking regulators (FFIEC, Federal Reserve).

Expertise in Risk Management and Regulatory Compliance.

Familiarity with internal and external audits and remediation processes.

Skills in process improvement and organizational change.

Proficient in expense review and resource optimization.

Knowledge of Cloud technologies, particularly SaaS.

Experience in program and project management for timely delivery.

Understanding of vendor management, third-party governance, and architecture governance aligned with business strategy.
