Director, Business Risk and Controls

Purpose of Job

We are currently seeking talented Director, Business Risk & Controls for our San Antonio, TX facility.

Oversees the EOS Enterprise Technology BCM Vertical's "Digital, Design and Innovation” teams responsible for the development, implementation and oversight of risk and compliance management programs in the first line of defense.

This leader will manage a team of Business Risk & Control Advisors who will perform overall assessments of technology operational risks and controls and conduct analysis to identify, validate, and manage emerging risks. The person selected for this role will review and evaluate the effectiveness of the design and operation of internal controls which includes documenting risks and controls and directing control testing. Working with their team of professionals this leader will develop controls (strategic, operational and regulatory) and risk mitigation action plans working closely with our enterprise control partners (Risk, Compliance & Audit) and will serve as a primary liaison to our technology teams providing leadership and guidance to make sure that procedures and processes are in place to effectively identify, monitor and manage risk. For large scale technology initiatives this role will identify risks or quality control improvements and support as appropriate, including execution of project activities, technology integrations and large system process improvements.

Job Requirements


USAA knows what it means to serve. We facilitate the financial security of millions of U.S. military members and their families. This singular mission requires a dedication to innovative thinking at every level.

In each of the past five years, we've been a top-40 Fortune 100 Best Companies to Work For®, and we've ranked among Victory Media's Top 10 Military Friendly® Employers primar13 years straight. We embrace a robust veteran workforce and encourage veterans and veteran spouses to apply.



Our most important qualification isn't technical, it's human. Here, we don't just sit in front of a screen. We stand behind our 11 million members who rely on us every day.
We are over 3,000 employees  strong, a passionately supportive and collaborative team built on Agile principles. We've been a top-two Computerworld 100 Best Places to Work in IT five years in a row and were recently named a Top 50 Employer for Minority Engineers & IT by Workforce Diversity Magazine.       
See what it's like to work for a company where your passion meets our purpose: 
USAA Information Technology: A Realistic Preview 

  • Directs staff and initiatives that support risk and control management programs, to include governance support, risk oversight, risk infrastructure development, identification, quantification, and aggregation of key and emerging risks and/or operational risks and controls.
  • Advises senior management and influences process change.
  • Builds and manages a high performing team of risk professionals through recruitment, training, coaching, performance management and related managerial activities.
  • Manages consulting relationships with internal and external clients in regard to budget and implementation deliverables and risk mitigation plans as appropriate.
  • Partners with key stakeholders in the business and oversees the identification, assessment and documentation of risks and controls, including risks associated with new or modified products, services, distribution channels, regulations and/or third party operations.
  • Directs the formulation of stress test plans for a line of business or the enterprise, evaluates results, and frames contingency plans in partnership with key business stakeholders.
  • Directs the oversight of model risk through model documentation review, assessment of performance monitoring, model validation, and use implementation.
  • Reviews, communicates and recommends the development of risk policies and procedures in partnership with senior leaders to ensure appropriateness and adequacy versus industry best practices and regulatory requirements.
  • Provides counsel to business unit managers on risk management issues and supports the evaluation of new product strategies on their impact to USAA's risk profile.
  • Develops, implements and oversees the risk management frameworks.
  • Formulates risk management policies, procedures and standards in conjunction with senior management and risk management committees.
  • Educates risk owners on risk management best practices and may work with other risk functions in the development and implementation of risk controls.
  • Manages processes for collecting accurate and complete internal loss data from business areas.
  • Directs analysis and data mining initiatives that identify, validate, and manage emerging risk exposures, as necessary.
  • Assists in the early identification of risk trends by establishing and monitoring key performance and risk indicators.
  • Oversees the preparation of key reports and communications and may present to governance committees, senior leaders, regulatory bodies and the USAA Board of Directors.

Minimum Requirements

  • Bachelor's Degree in Risk Management, Business, Finance or related field of study or 4 years of related experience.
  • 8 or more years of relevant operations experience in a relevant functional area to include financial services, insurance, banking, audit, public accounting, information technology, or related functional area OR 8 or more years of experience in a quantitative discipline relevant to financial risk management.
  • 3 or more years of leadership or managerial experience.
  • Expert knowledge of relevant regulatory compliance, industry regulations and regulatory data sources required.

*Qualifications may warrant placement in a different job level.*

When you apply for this position, you will be required to answer some initial questions. This will take approximately 5 minutes. Once you begin the questions you will not be able to finish them at a later time and you will not be able to change your responses.


  • Expert knowledge in operational risk and controls execution in Banking industry.
  • Familiarity with Governance Risk and Compliance (GRC) software to manage risk and control documentation.
  • 7+ years relevant work experience in Operational Risk management within a Large Bank and/or highly matrixed environment related to banking regulations and compliance.
  • Demonstrated skill in one of the following or other related designations: Certified Information Systems Auditor (CISA), Professional Risk Manager (PRM), Certified Internal Auditor (CIA), Certified Regulatory Compliance Manager (CRCM), Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP)
  • Experience interacting with and managing relationships with a broad set of stakeholders (audit, legal, management, regulatory agencies, and business partners)
  • Understanding of common frameworks such as FFIEC, COBIT, COSO, NIST and operational risk concepts.

***Selected candidates will attend and complete the Management Development School program in San Antonio, TX, during their first six months in position.***

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

At USAA our employees enjoy one of the best benefits packages in the business, including a flexible business casual or casual dress environment, comprehensive medical, dental and vision plans, along with wellness and wealth building programs. Additionally, our career path planning and continuing education will assist you with your professional goals.

USAA also offers a variety of on-site services and conveniences to help you manage your work and personal life, including seven cafeterias, two company stores and three fitness centers.

Relocation assistance is not available for this position.

For Internal Candidates:

Must complete 12 months in current position (from date of hire or date of placement), or must have manager’s approval prior to posting.

Last day for internal candidates to apply to the opening is 12/13/18 by 11:59 pm CST time.