Vice President, Technology & Cyber Risk

at Sallie Mae in Newark, Delaware, United States

Job Description


Dulles – Sterling, VA

Who we are:

Sallie Mae is proud to help Americans aspiring to create the life they imagine, whether that means helping them make college happen, or other endeavors they pursue to invest in their future. Our colleagues across departments and across the country are united in our passion and our customer-first approach. Whether you want to join a growing company, be part of an agile workforce, or gain new skills, you’re in the right place.

What You’ll Contribute

In an ever-evolving digital environment, a comprehensive technology and cybersecurity risk management program is essential in protecting an organization, its customers and shareholders. Sallie Mae (SLM) seeks a Vice President of Technology and Cyber Risk to report into the Chief Risk and Compliance Officer and partner with leadership across the organization to build an oversight function to mitigate emerging issues or threats that affect the enterprise cybersecurity and technology ecosystem. This executive will set the standard for effective challenge and oversight of SLM’s technology, cybersecurity, and business continuity functions by developing a robust framework for identifying, understanding, and managing risk in adherence with industry frameworks, and in support of SLM’s overall business objectives.

This leader will be responsible for the strategy and delivery of SLM’s second line of defense, with accountability for the overall risk posture as it relates to technology, cybersecurity and business continuity across the enterprise. Additionally, this executive will oversee continuous improvements to first line risk management practices and controls to ensure technology and cyber risks are effectively managed and mitigated. Ultimately the VP, Technology and Cyber Risk will help the organization to focus its investment and energy on those processes (and therefore controls) that are most critical to achieving an efficient, innovative and secure environment.

This role will be based in SLM’s Delaware or DC offices.

What You’ll Do



Technology and Cyber Risk Program

· Conceptualizes, builds, and delivers a second line risk management function responsible for oversight of technology, cyber and business continuity (BCP) risk across the enterprise.

· Provides independent oversight, assessment, and effective challenge of first line of defense cyber, technology and BCP functions, activities, and controls. Assesses first line risk appetite and current management of policies, practices, and frameworks to identify and prioritize uplift against an ideal target state.

· Ensures that operational capabilities and processes related to risk management across technology and cybersecurity (inclusive of risk frameworks, processes, event management, etc.) are effectively positioned and well understood.

· Executes second line of defense activities within SLM’s broader operational risk framework to ensure alignment and integration of activities with related second line of defense oversight processes to gain efficiencies and avoid gaps.

· Establishes metrics to measure adherence to the second line of defense control framework. Provides reporting to Chief Risk and Compliance Officer and functional/business leaders to ensure transparency around progress and roadblocks against target state.


Risk Champion and Leader

· As a member of SLM’s risk leadership team, contributes to the overall strategic planning and direction of the enterprise risk program.

· Represents technology and cybersecurity risk as a thought leader, providing leading edge thinking on governance and controls required to appropriately manage current and emerging risks for SLM’s business.

· Promotes and supports SLM’s risk culture including ensuring employees understand their accountabilities for risk-taking activities, promoting an environment of open communication and effective challenge. Establishes the “tone from the top” through leading by example.

· Invites and incorporates the opinions and perspectives of others to achieve alignment.


Personnel Management

· Attracts, retains, and motivates a high-performing team by communicating clear goals and role definitions, providing transparent feedback, creating opportunities for growth, and investing in training and development programs.

· Builds a diverse team that has a balanced mix of second line/operational risk management skills and substantive expertise in technology, cybersecurity, or BCP.

· Reviews performance and progress on a regular basis through metrics and KPIs to ensure the team is achieving required results.

· Checks own and others’ work against required quality standards and recalibrates as needed.

· Instills a sense of urgency in the team to deliver on goals.

· Pre-empts or resolves conflicts by discussing individual issues with each person.


Required Qualifications:

What You Have:

• Bachelor’s degree in business administration or other related field, or equivalent, relevant work experience.

• 12+ years of combined experience overseeing technology, information and cyber risk, ideally in financial services or other regulated industries.

• Strong track record of building or transforming a second line oversight capability for cyber and technology programs.

• Knowledge of relevant enterprise risk and security frameworks.

• Demonstrated experience interacting with/presenting to regulators and senior stakeholders.

• Ability to identify areas of opportunity or risk and escalate appropriately.

• Comfortable with challenging existing ways of doing things and proposing new approaches or taking a contrary or unpopular position on a specific change, despite others’ interests to keep things as they are.

• Ability to adapt influencing style based on audience – whether technical or non-technical.

• Ability to understand the different sides of an issue or disagreement.

• Ability to overcome obstacles and/or plan for contingencies.


• Exposure to the board and/or subcommittees.

• “First line” technical or operational experience in cybersecurity or technology.

What You’ll Get at Sallie Mae:

+ Comprehensive Compensation and Healthcare Benefits (Medical, Dental, Vision plans)

+ Financial Well-being: 401(k) company match, employee stock purchase plan, and basic life insurance and short-term disability are provided to employees at no cost

+ Work/Life Balance: Paid time off, time off to volunteer, and tuition reimbursement. In addition, after 6 months of employment, primary caregivers receive 12 weeks of 100% fully paid time off and secondary caregivers are eligible for 4 weeks of 100% fully paid time off, for birth or adoption

+ Wellness: Fitness centers/gym subsidies, free Fitbits with step challenges, and wellness education

Sallie Mae is proud to be an equal opportunity (EEO) employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, sexual orientation, national origin, age, genetic information, gender identity, disability, Veteran status or any other characteristic protected by federal, state or local law.


Job Posting: JC195923611

Posted On: Oct 27, 2021

Updated On: Jan 27, 2022