FIR1024FRME
2nd Line Technology Risk & Governance Sr Manager
Job description
First Merchants Bank is seeking a 2nd Line Technology Risk & Governance Sr Manager to join our team! This position will support independent oversight, credible challenge, and risk appetite alignment for technology risk across the enterprise. This role contributes to the execution and ongoing maintenance of the Second Line Technology Risk Framework, assessing and challenging 1st line risk identification, ratings, and control effectiveness; monitoring adherence to risk appetite; and supporting escalation of material exposures through established governance (e.g., ORC/ERMC/Board reporting). The role provides independent risk oversight through collaboration with 1st line leaders and control owners, including advisory support, credible challenge, and participation in select independent risk assessments as appropriate.
As part of this role, you will
- Oversight, Credible Challenge & Risk Appetite Alignment
- Provide independent 2nd line risk oversight by assessing 1st line technology risk practices, major initiatives, incidents, root cause analyses, control gaps, and Archer issues remain aligned with the Risk Appetite Statement, ERM Framework, and Technology Risk Framework.
- Provide risk-based challenge and escalation support, while leveraging 1st line and specialized SMEs for technical depth where appropriate.
- Review, assess, and provide credible challenge to 1st line technology risk identification, inherent/residual ratings, and control design/effectiveness; raise observations and recommendations where misalignment with risk appetite or standards are identified.
- Review Key Indicators and trend analysis for technology domains; partner with ORM to monitor Tier 1/Tier 2 indicators and support escalation of deviations in accordance with policy.
- Targeted 2nd Line Technology Risk Oversight & Thematic Reviews
- Provide targeted, risk-based second line oversight of technology risk areas where existing first line assessments, Internal Audit activity, regulatory feedback, incidents, issues, or emerging risk themes indicate potential gaps in risk coverage, control effectiveness, remediation, or risk acceptance.
- Evaluate specific areas of elevated or emerging technology risk, which may include change management, segregation of duties, user access, incident root cause analysis, remediation sufficiency, risk acceptance practices, or alignment to the Technology Risk Framework.
- Leverage and participate in existing assessments, audits, regulatory exams, issue management, and governance processes to identify residual risk themes and determine where second line credible challenge or targeted review activity would provide incremental value.
- Governance, Policy Alignment & Reporting
- Participate in and contribute to relevant governance forums (e.g., IT Strategy Committee, Information Security Committee, IT Operations Subcommittee, Data Governance, Operational Risk Committee, ERMC) to help surface technology risk trends and issues.
- Monitor alignment with ERM policies (ERM Framework, Issue Management, Key Indicators), supporting IT/InfoSec policies (e.g., GLBA, IRP, Third Party Risk), and assist in tracking issues through closure via ERM processes.
- Engage and provide credible challenge in the Risk and Control Self-Assessment governance cycle
- Draft and support technology risk reporting for executive management and Board level materials, highlighting risk appetite breaches, emerging risks, thematic trends, and remediation status.
- Collaboration & Advisory
- Promote risk awareness across the Bank and serve as a 2nd line subject matter resource to 1st line partners while maintaining appropriate independence.
- Partner across ERM, IT, Cyber/InfoSec, Legal/Compliance, Internal Audit, and SOX to provide second line technology risk oversight under the ERM framework, helping evaluate Technology Risk program requirements are appropriately scoped, coordinated, monitored, and escalated without duplicating first line or assurance responsibilities.
To be successful in this position, we require the following:
- Education - Bachelor's degree in technology, business or a related field.
- Experience - A minimum of seven (7) years of technology or technology risk experience, plus a minimum of three (3) years of experience in IT Risk & Governance and/or 2nd line/ERM oversight (or Internal Audit covering technology risk) providing independent challenge.
The following would be a PLUS
- MBA or other advanced degree
- IT/ITIL Certifications
- IIBA Certification
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
First Merchants offers the following
- Base Pay PLUS Bonuses
- Medical, Dental and Vision Insurance
- 401k
- Health Savings and Flexible Spending Accounts
- Vacation/Sick Time
- Paid Holidays
- Paid Parental Leave
- Tuition Reimbursement
- Additional Benefits
A little about us
First Merchants is guided by a genuine philosophy of being a meaningful place to work and having a prosperous impact across all walks of life throughout the communities we serve, including consumers, businesses and other organizations. Our Vision, Mission and Team statement reflect and reinforce that authentic service philosophy.
Our Vision is
To enhance the financial wellness of the diverse communities we serve.
Our Mission is
To be the most responsive, knowledgeable, and high-performing financial organization for our clients, teammates, and shareholders.
Our Team
"We are a collection of dynamic colleagues with diverse experiences and perspectives who share a passion for positively impacting lives. We are genuinely committed to attracting and engaging teammates of diverse backgrounds. We believe in the power of inclusion and belonging."
Apply today to begin your career with us!


