Non-Financial Risk (NFR)
Mizuho’s Non-Financial Risk (NFR) team provides independent oversight and credible challenge of the firm’s IT and Information Security risk program, partnering with 1st line of defense teams to strengthen the control environment. We are a growing, collaborative team that values intellectual curiosity and a forward-thinking approach to risk management. This hybrid role (in-office/remote) offers high visibility across the enterprise, with direct engagement with senior leadership, governance committees, and business partners across Mizuho U.S. Operations. We are looking for an experienced Risk Manager for Information Security and Technology to drive a consistent 2nd line of defense approach to identifying, assessing, and reporting Information Security and Technology risks across the firm’s lines of business. The ideal candidate will bring a forward-thinking mindset, with a strong interest in leveraging artificial intelligence and workflow automation to enhance risk management processes and drive operational efficiency. Candidates with Big 4 IT audit, risk advisory, or technology consulting backgrounds are strongly encouraged to apply. This role offers a clear growth trajectory as the team and program continue to scale.
Principal Duties and Responsibilities
Support oversight and credible challenge activities by leading the review of risks and impacts identified by 1st line control owners and providing independent assessments to senior management.
Review and assess Information Security and Technology policies and standards, formulating observations and actionable recommendations for management.
Collaborate with business partners to develop, maintain, and refine Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for Information Security and Technology risk.
Conduct risk assessments, deep dives, and gap analyses, and document findings and identified control enhancement opportunities, including Risk and Control Self-Assessment (RCSA) validation.
Track remediation plans for risk events and issues; coordinate with action owners to collect and evaluate remediation evidence and report progress to management.
Support and present to governance committees, management, and business partners by preparing materials, delivering analysis, and driving follow-up actions.
Develop an understanding of business processes and objectives to independently identify opportunities to strengthen the control environment.
Provide review and challenge to Non-Financial Risk framework initiatives, such as Internal Control Testing and Scenario Analysis, by performing assigned analyses and documentation tasks.
Identify opportunities to leverage AI, automation, and emerging technologies to streamline risk management workflows, including evidence collection, risk reporting, control testing, and remediation tracking; evaluate and recommend tools and approaches with appropriate governance considerations.
Maintain awareness of Information Security, Technology, AI governance, and regulatory developments and escalate relevant observations to management for discussion; support outreach, communication, and training efforts across business lines.
Qualifications
Bachelor’s degree in computer science, engineering, MIS, information assurance, or a related field preferred. Equivalent professional experience will be considered.
Professional skepticism, sound judgment, and a steady temperament, with strong analytical and communication skills; able to identify emerging risks, distill complex issues, and engage effectively across all levels of the organization.
Self-directed and highly organized, with strong project management skills and the ability to prioritize competing demands within defined SLAs.
3+ years of experience in Technology Risk, IT Audit, Information Security, risk advisory, or related field, with practical knowledge of security principles and risk management.
Interest in or exposure to AI tools and workflow automation for risk management processes is a plus.
Familiarity with information security and technology frameworks and industry best practices, such as FFIEC, ISO, NIST, COBIT, ITIL, SOX, SOC 1/SOC 2, or COSO.
Financial Services or Banking experience preferred.
Big 4 IT audit, risk advisory, or technology consulting experience is highly valued.
CISSP, CRISC, CISA, CISM, or CCSP certifications a plus.
The expected base salary ranges from $137,500 to $185,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including Medical, Dental and 401K plans, successful candidates are also eligible to receive a discretionary bonus.
Other requirements
Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process.
Company Overview
Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.
Mizuho Americas offers a competitive total rewards package.
We are an EEO/AA Employer - M/F/Disability/Veteran.
We participate in the E-Verify program.
We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law.