
Oversee IT, Information Security, and Business Continuity/Disaster Recovery (BCP/DR) risks across the credit union. Partner with technology and business leaders within the three lines of defense framework to provide independent oversight and advisory support, ensuring technology risks are effectively managed and aligned with the organization's risk appetite, regulatory expectations, and strategic objectives. Serve as the primary liaison between Enterprise Risk Management and technology leadership to promote transparency, resilience, and informed risk-based decision-making.
- This position is hybrid.
- NYC Salary Range: $150,000 - $200,000 annually: compensation is commensurate to geographic location.
ACCOUNTABILITIES:
Technology and Emerging Risk Oversight• Regardless of seniority or role, uphold UNFCU’s mission, core values, and guiding principles by providing an exceptional service experience to colleagues and members alike through consistent demonstration of our service excellence behaviors.
• Provide independent second-line oversight of Information Technology, Information Security/Cyber, AI, technology resilience, and infrastructure risks, ensuring effective governance across the organization.
• Assess and challenge first-line risk assessments, control effectiveness, and mitigation strategies related to core systems, cloud adoption, data management, AI, automation, and third-party technology risks.
AI Risk and Governance
• Provide independent oversight of AI governance, including AI use cases, model lifecycle controls, decision-support frameworks, and risks such as bias, explainability, data integrity, and misuse.• Partner with technology and business leaders to ensure AI initiatives align with regulatory requirements, governance standards, ethical principles, and effective management of financial, operational, and reputational risks. Information Security Risk Governance• Partner with Information Security leadership to provide independent oversight of cyber risk management, including security incidents, identity and access management, data protection, threat and vulnerability management, and alignment with regulatory and industry standards. Business Continuity & Disaster Recovery Oversight• Provide independent oversight of the organization's Business Continuity and Disaster Recovery (BCP/DR) frameworks, including scenario design, testing effectiveness, recovery objectives (RTO/RPO), and operational resilience.• Partner with first-line technology leadership to review and challenge BCP/DR strategies, testing results, remediation efforts, and readiness for technology failures, third-party disruptions, and other resilience scenarios. Risk Identification, Monitoring, and Reporting• Develop and maintain the technology and operational resilience risk framework, including key risk indicators (KRIs), thresholds, and enterprise-wide risk integration.• Monitor and escalate material IT, cyber, and resilience risks to executive leadership and the Risk Management Committee through effective reporting and governance. Governance and Cross-Functional Coordination• Serve as the primary Enterprise Risk Management liaison to IT leadership, business lines, and operational teams, fostering effective collaboration and risk governance.
• Provide independent second-line oversight by challenging first-line risk ownership and supporting key governance forums, including technology, product, and incident management committees.
Issue Management and Continuous Improvement
• Partner with first-line stakeholders to identify technology-related issues, validate root causes and remediation plans, and monitor corrective actions through resolution.
• Support the Issue Management Program by ensuring technology risks are documented, tracked, and resolved in compliance with regulatory requirements and the organization's Code of Ethics and Business Conduct.
• Bachelor's degree in Risk Management, Information Systems, or related field• 10+ years of experience in a financial services environment with exposure to regulated environments, including a minimum of 4 or more years in a second line or commensurate risk function• Experience in technology, cyber, and operational resilience risk management, including regulatory compliance, risk identification, monitoring, issue management, risk reporting, and cross-functional collaboration with business partners. • Demonstrated ability to provide independent challenge to senior stakeholders, translate technical risks into business and financial impacts
• Strong knowledge of enterprise risk management, financial services regulations (e.g., NCUA, FFIEC, OCC), the three lines of defense model, and technology, cyber, and emerging AI risk frameworks (e.g., NIST, ISO, COBIT).
• Proficient in Microsoft Office, particularly Excel, with sound risk judgment, analytical skills, and the ability to provide independent, objective oversight.
• Strategic thinker with strong digital, cyber, and AI risk awareness, capable of balancing governance, partnership, and practical business solutions.
• Exceptional executive communication and influencing skills, with the ability to build relationships and drive outcomes without direct authority, including presenting to senior leadership and the Board.
• Technology Risk Management experience
• Excellent communication skills
UNFCU is a global not-for-profit financial institution that serves the UN community. We are committed to providing peace of mind to our members and colleagues and strive to achieve service excellence in all that we do. The best part of UNFCU is the people. Those that choose to work with us often find personal fulfillment, professional growth and a purposeful culture.
UNFCU is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. UNFCU prohibits discrimination and harassment of any type. All applicants will be considered for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by country, federal, state or local laws.

The United Nations Federal Credit Union (UNFCU), founded in 1947, is a member-owned, not-for-profit cooperative that offers a range of banking, investment and insurance products and services to the global UN community. We have more than 200,000 members in over 200 countries, assets in excess of USD $8B, and more than 700 employees. UNFCU is committed to social responsibility and we support causes worldwide. Headquartered in Long Island City - Queens, and with branches in New York City and offices in Washington, D.C. and McLean, VA, UNFCU also has representative offices in Geneva, Switzerland; Vienna, Austria; Nairobi, Kenya, Rome, Italy and Entebbe, Uganda. For more information, visit www.unfcu.org.
As an employer, our benefits are second to none, and include comprehensive medical, dental and vision; 401k with dollar for dollar matching contributions and immediate vesting; a generous defined benefit cash balance plan; tuition reimbursement; volunteer time off; company paid life & disability coverage; flexible spending accounts; and maternity/paternity leave to name a few!
We are committed to embedding diversity in all areas of our business. We promote an environment of equity and inclusion where we embrace and leverage our differences to drive organizational success. Our staff is representative of the global membership we serve.
Because of this diversity, we can understand, communicate, empathize, and connect with each and every member. Our employees, and the exceptional service they provide, are our core strength as we provide peace of mind to our members.
UNFCU has a dedicated Diversity, Equity, Inclusion and Belonging (DEIB) Council and several business resource groups (BRGs) comprised of staff volunteers. Each BRG hosts educational events and activities to empower their members and allies. The BRGs also identify and implement measurable best practices that further embed DEI in UNFCU’s corporate culture.
An Equal Opportunity & Affirmative Action Employer