Senior Risk Manager – Digital Strategy & Enterprise Automation (Commercial Bank)

Description

As a Senior Risk Manager in the First Line of Defense, you will play a pivotal role in managing risks across digital banking platforms and emerging technologies—including AI and intelligent automation. You’ll serve as a trusted advisor to business partners, helping to ensure innovation is delivered safely, to scale, and in alignment with regulatory expectations.

You’ll lead complex risk assessments, assess control frameworks, and monitor the effectiveness of controls across AI and automation initiatives. This role also supports governance processes, change management, and pilot oversight, while driving continuous improvement through automation and AI-enabled risk solutions.

You’ll also partner with relevant groups such as; Sourcing, Privacy, Legal, InfoSec, and Third Party Risk Management (TPRM) to assess third‑party vendor risks, ensuring contracts, SLAs, and control obligations provide sufficient coverage for AI, GenAI, Agentic AI, and automation risks—including data handling, model governance, operational resilience, and regulatory compliance requirements.

Your key responsibilities will include:

• Lead risk identification, assessment, and mitigation for digital platforms and emerging technologies (AI, GenAI, Agentic AI & automation).

• Develop and maintain control frameworks for AI and automation use cases.

• Partner with business and tech teams to ensure operational and technical resiliency.

• Oversee risk governance activities: change control, control testing, and RCSAs.

• Provide regulatory guidance (e.g., OCC, FRB, GLBA, NIST) across digital initiatives.

• Collaborate with Second and Third Lines of Defense to maintain transparency and alignment.

• Support pilot programs and new product launches by assessing risk exposure and recommending mitigations.

• Serve as a subject matter expert on AI governance, ethical use, and risk mitigation.

Key Skills and Qualifications:

• Strong Knowledge of Risk Management Principles: A solid understanding of various risk types (e.g., operational, financial, compliance, reputational) and risk management methodologies, including COSO and OCC Heightened Standards. 
• Technology and Cybersecurity Risk Management: Focus on identifying and mitigating risks associated with the adoption and integration of AI, GenAI, Agentic AI, and automation technologies within digital banking platforms. Collaborate with technical teams to ensure the security, stability, and operational resilience of AI-enabled systems, including core banking infrastructure and intelligent payment applications. Evaluate emerging technology risks such as model drift, adversarial AI threats, and data integrity vulnerabilities. Maintain awareness of evolving cybersecurity threats and regulatory expectations, and implement proactive controls and monitoring strategies to safeguard against technology-driven disruptions and ensure compliance with frameworks such as SR 11-7, FFIEC, and NIST
• Third Party Risk Management: Ensure that all third-party providers involved in the development, deployment, or support of AI, GenAI, Agentic AI, and automation solutions are identified and integrated into the Bank’s Third-Party Risk Management (TPRM) program. Confirm that due diligence activities both onboarding and through ongoing monitoring—are conducted in accordance with policy requirements, with a specific focus on evaluating contact language, model governance, data handling practices, algorithmic transparency, and compliance with regulatory expectations such as SR 11-7, NIST AI RMF, and FFIEC guidance.
• Risk Assessment Skills: The ability to manage and execute risk assessments on new business initiatives and implement new and / or revised controls to applicable product and service risk inventories.  Experience in establishing risk and control inventories and executing an annual and or ad hoc targeted risk and control self-assessment on a product and service inventory. 
• AI, GenAI, and Automation Solutions: Foundational knowledge of AI, Generative AI (GenAI), Agentic AI, and automation solutions within enterprise environments, including their application in streamlining operations, enhancing decision-making, and enabling intelligent workflows. This includes an understanding of embedded AI use cases across various business functions and how the risk landscape evolves with the adoption of AI-driven architectures and automated process flows. 
• Data & Privacy Risk Oversight: Knowledge of data management, data protection, and privacy requirements—including GDPR, CCPA, and GLBA—and their implications on AI and automation architectures. Skilled in assessing data quality, lineage, classification, access controls, and the handling of sensitive or regulated data throughout AI model development, deployment, and monitoring.
• Financial Industry Experience: Experience in the banking and financial services industry, ideally within a nationally chartered institution, with a strong foundation in regulatory compliance, operational risk, and governance. Skilled in identifying and assessing emerging risks associated with AI adoption—such as model bias, data privacy, explainability, and third-party dependencies—and ensuring that appropriate controls, testing protocols, and governance frameworks are in place. Proven ability to collaborate with cross-functional teams to embed risk management practices throughout the AI solution lifecycle, from design and deployment to post-implementation review, in alignment with regulatory expectations and organizational risk appetite.
• Regulatory Knowledge: Familiarity with SR 11-7 and OCC 2011-12 for model risk management, FFIEC guidance on cybersecurity and third-party risk, the NIST AI Risk Management Framework, data privacy laws such as GDPR and CCPA, Basel’s Principles for Operational Resilience, and applicable SEC/FINRA regulations, all within the context of responsible AI governance. 
• Relationship Building Skills: The ability to develop, maintain, and enhance internal and external business relationships to facilitate risk advisory, knowledge sharing, and familiarity with ongoing industry trends and best practices.
• Problem-Solving Skills: The ability to independently identify and resolve risk-related issues.
• Knowledge of Tools: GRC Archer, JIRA, Confluence, Excel, Tableau.

• Qualifications

  • Bachelor’s degree in Technology, Cybersecurity, Computer Science, or related field.
  • 5–8 years of progressive experience in Risk, Audit, or Compliance, with a strong foundation in Technology Risk, Cybersecurity, and / or Information Security frameworks, as well as exposure to AI, automation, or enterprise digital modernization efforts.
  • Certifications (preferred): CISA, CIA, CRISC, IAPP AIGP, CISSP, Security +.

To thrive as a colleague at Citizens, candidates must demonstrate a strong customer-centric mindset, exhibit persistence and resilience in the face of challenges, and embrace continuous learning to adapt and grow in a dynamic environment.

Hours per Week: 40

Location: Boston MA, Westwood, MA, Johnston RI, or East Providence RI

Work Schedule: Monday – Friday, 4 days in the office, 1 day remote.

Pay Transparency:

The salary range for this position is $129,000-$150,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits .

 Citizens will not sponsor an applicant for a work visa, such as an H-1B, for this position.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.