Location: For Those Who Work At Home - Various, Ohio 44145 JOB BRIEF The Cybersecurity and Technology Operational Risk Officer has responsibility to mitigate and discourage actions that may expose KeyCorp and its affiliates to cybersecurity or resilience risk with its business activities. This position is responsible for ensuring cybersecurity and resilience risk requirements and processes comply with regulatory requirements, Key's Risk Management policies and program requirements, and that business activities are managed within Key's Operational Risk Management appetite. Additionally, this position is responsible for the oversight of risk identification and mitigation for cybersecurity and resilience risk, including the oversight of relevant programs and policies, which includes providing highly specialized guidance and oversight on current and emerging legal, regulatory, and operational risk issues, monitoring and measuring operational risk performance, and reviewing and challenging of strategy (e.g., initiatives, products, third parties, and clients), control design, implementation, testing, and remediation for all LOBs. The qualified candidate must be able to work independently and use sound judgment taking into consideration risk tolerances of assigned LOBs and KeyCorp overall. This role reports directly to the Operational Risk Program Manager Cybersecurity and Resilience. This position is a single contributor role and does not have direct reports. ESSENTIAL JOB FUNCTIONS - Proactively works with business unit management to identify and assess cybersecurity and resilience risks associated with business activities, ensuring alignment with the Corporate Operational Risk Framework including: Advising LOBs on risks and controls and applicable metrics (i.e., KRIs, EWIs, Tolerances). Advising LOBs on risks related to new products and/or services and business initiatives. Advising LOBs on risks related to outsourced third party activities. Identifying aggregate risk across LOBs Assessing the appropriateness of and working with LOBs on developing and/or enhancing internal procedures and guidelines to comply with Operational Risk appetite, tolerances and policies. Conducts a robust Review and Challenge process in evaluating and reviewing business processes, risk profiles, risk indicators, controls, remediation plans, etc., to ensure alignment with Key's Operational Risk and Enterprise Risk Management programs, policies and practices. Ensures the effective development and delivery of corporate-wide and or role specific Operational Risk training; provides guidance and assistance related to LOBs related to the development of LOB specific operational risk training. Providing periodic risk reporting to senior management - Accountable for ensuring that policies and procedures and associated cybersecurity and resilience risk programs are consistent with current applicable banking rules, regulations, and laws. Monitors and assesses for any new or amended requirements. - Develops and recommends for approval policies, standards, procedures and guideline to comply with corporate risk appetites, tolerances and policies. - Ability and willingness to learn emerging technologies (FinTech) and best practices associated with securing / managing these technologies and services, including but not limited to: cloud computing, robotic process automation, AI and APIs. - Acts as Cybersecurity and Resilience Risk Subject Matter Expert on assigned Subcommittees and/or Working Groups. - Develops and maintains positive working relationships with internal clients, staff, peers, and senior management. - Ensures a sound understanding of business strategy, business processes and associated risks for assigned business units. - Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules,