IT/IS Risk Management Principal

Full Time
San Antonio, TX 78288
Job description

Why USAA?

At USAA, we have an important mission: facilitating the financial security of millions of U.S. military members and their families. Not all of our employees served in our nation’s military, but we all share in the mission to give back to those who did. We’re working as one to build a great experience and make a real impact for our members.

We believe in our core values of honesty, integrity, loyalty and service. They’re what guides everything we do – from how we treat our members to how we treat each other. Come be a part of what makes us so special!

The Opportunity

We are currently seeking a Principal, IT/IS Risk Management. This is a key position within USAA’s Risk Management team, reporting to the AVP of IT Risk Management. As second line of defense (risk) lead on IT/IS Third Party Risk Programs, the Principal will seek to deliver independent risk oversight of the IT Risk Governance Program. The role will develop and implement risk assessments across the Enterprise IT/IS space. The Principal will be responsible for providing direct 2nd line of defense (LOD) risk oversight for USAA’s Information Technology/Information Security (IT/IS) business function, which includes developing and driving a comprehensive risk management coverage plan.

This position is a hybrid work type and can be based in one of the following locations: San Antonio, TX; Plano, TX; Phoenix, AZ; Charlotte, NC; Colorado Springs, CO or Tampa, FL. Hybrid roles help employees gain the best of both worlds – collaborating in-person in the office and working from home when needed to achieve focused results.

What you'll do:

  • Advise the business on how to strengthen and lead their control environment pertaining to oversight of procedures/processes, accurate regulatory reporting and filing, document governance, risk control self-assessments, procedure governance, control design, new product controls, Company or Staff Agency Third Party Governance, or quality governance.
  • Reviews and evaluates the Third-Party Risk Management Program and incorporates the applicable requirements into the Enterprise IT Risk Governance Program.
  • Accountable for assessing business unit level IT/IS policies, standards and procedures developed and implemented by the business units to ensure they are in alignment with and support the Enterprise IT/IS policies, standards and procedures.
  • Evaluates and challenges the completeness and accuracy of the 1st LOD’s enterprise-wide IT/IS process risk and control inventory; conducts validation testing and reviews to ensure the recommended corrective actions to 1st and 2nd LOD identified IT/IS issues are complete, balanced and effective.
  • Continually evaluates information technology, information security and data risk developments, strategic and operating plans, stress points and changes in operating processes to identify potential risks which may impact the IT/IS operating and control environment.
  • Identifies and manages existing and emerging risks that stem from business activities and ensures risks are effectively identified, measured, monitored, and controlled.
  • Assesses the enterprise information technology systems and information security protocols to ensure they are secure to support the businesses’ processing environment and are adequately controlled to appropriately mitigate IT/IS risks.

What you have:

  • Bachelor's degree; 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.
  • 10 years of Information Technology/Information Security (IT/IS) experience in a financial services and/or banking industry to include 6 years of specific risk management experience.
  • Demonstrated experience in applying IT/IS risk frameworks such as risk governance, control effectiveness measurement, process, risk and control analysis, and risk management coverage plan (monitoring, assessment and testing).
  • In-depth knowledge of cyber security, information security, fraud risk management, data risk management, customer authentication and identification access processes and controls.
  • Proven track record of communicating and influencing effectively across all Lines of Defense.
  • Knowledge of federal regulation 12 CFR Part 30, including Appendices A, B and D, and of federal supervisory guidance, to include:
    • OCC Documents: Large Bank Supervision Handbook; OCC Safety and Soundness Handbooks - Internal Control, and Retail Lending; and with key OCC bulletins to include: Third Party Risk Management; Technology Risk Management; and Operational Risk
    • Federal Reserve Documents: Consolidated Supervision Framework for Large Financial Institutions; Federal Reserve Board Bank Holding Company Supervision Manual
    • FFIEC Manuals and Handbooks to include: Banking; Information Technology Examination
  • General understanding of federal laws, rules, and regulations, to include:
    • CRA; ECOA; FCRA; MLA; SCRA; Regulation DD; Regulation E; Regulation Z; BSA/AML and UDAP/UDAAP
    • Basel Committee on Banking Supervision Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS-239)
    • Title V, Section 501 of the Gramm-Leach-Bliley Act
    • EU General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • New York State Department of Financial Services 23 NYCRR Part 500
  • Laws and regulations are listed for illustrative purposes. Roles would need an understanding of all federal and state laws and regulatory guidance applicable to the organization and responsibilities of the role.

What sets you apart:

  • Ten or more years with a proven track record of:
    • Assessing and mitigating technology, systems, business continuity, and disaster recovery risks
    • Analyzing, reporting, and advising executive and senior decision makers on emerging risks and impacts (e.g. destabilizing supply chain, Artificial Intelligence, Machine Learning, Cloud, and domestic disruptions) as well as standard process mitigations
  • Familiarity with financial sector regulatory practices, second line of defense effective challenge and industry frameworks such as COSO, COBIT, NIST/RMF, and ISO 31000
  • Proven ability as a self-motivated, execution-oriented individual contributor, collaborative partner, or matrixed team leader as needed
  • Technical depth and breadth in at least a few of these areas: System Infrastructure, Network Operations, Asset Management, Configuration Management, Availability, Resiliency, Disaster Recovery, Data Center design/operations, and IT Strategy
  • Experience in identifying and reporting risks and mitigating controls across operational risk processes, people, and systems
  • Passion for driving a technology risk management culture with key business and IT teams; ability to translate risk assessments into clear, practical feedback for key partners
  • Relevant risk and data certifications such as CRISC or CGEIT

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. The salary range for this position is: $152,290 - $291,040.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits, please visit our benefits page on USAAjobs.com.

Relocation assistance is not available for this position.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
