Senior Manager, Technology Compliance

About The Position

Requirements

• Bachelor’s degree or equivalent experience in business, risk management, law, technology, or related fields.
• Minimum 8 years of experience in compliance, operational risk, technology risk, or related functions within a Strong working knowledge of federal and state regulated financial institution.
• banking regulations, including OCC, FRB, FDIC, CFPB, FFIEC guidance, UDAAP, and regulatory expectations for technology and model risk.
• Proven expertise overseeing technology governance, digital banking compliance, AI/ML or emerging technology risk, or similar areas.
• Demonstrated experience providing credible challenge, writing regulatory‑quality documentation, and interacting with examiners or internal audit teams.
• People leadership experience, with ability to build and develop high-performing teams.
• Strong emotional intelligence, collaborative approach, and ability to influence cross‑functional teams.
• Self‑starter with a growth mindset, proactive problem-solving skills, and comfort working in fast‑moving environments.

Nice To Haves

• Advanced degree (JD, MBA, MS Risk, or similar).
• Experience in financial services compliance involving AI/ML governance, digital assets, or innovative financial technologies.
• Understanding of risk management disciplines including operational risk, issue management, RCSA processes, vendor/third-party risk (non-security focus), and business continuity.
• Experience working with or overseeing technology-driven initiatives (e.g., automation, cloud workflows, digital platform enhancements).
• Professional certifications such as CRCM, CAMS, CRISC, or similar compliance/risk credentials.
• Ability to translate complex regulatory requirements into practical, actionable guidance for non-compliance partners.

Responsibilities

• Regulatory & Compliance Oversight Provide second-line oversight of technology initiatives to ensure compliance with federal and state banking regulations, including but not limited to OCC, Federal Reserve, FDIC, CFPB, FFIEC guidance, GLBA (non‑security provisions), UDAAP, E-SIGN, Model Risk Management (SR 11‑7), and emerging regulatory expectations for AI and digital innovations.
• Monitor and interpret regulatory developments affecting technology, digital banking, automation, AI/ML, and distributed ledger/crypto-adjacent activities; translate regulatory expectations into actionable guidance for Technology and Product partners.
• Support preparation for, and response to, regulatory exams, supervisory engagements, and internal audits related to technology governance and compliance.
• Technology Compliance Program & Governance Lead the strategy and ongoing maturity of KeyBank’s technology compliance program, ensuring alignment with enterprise risk management (ERM) frameworks, risk appetite, and operational risk standards.
• Establish governance routines (e.g., review committees, advisory boards) to evaluate and oversee compliance considerations for emerging technology initiatives.
• Review and challenge first-line risk assessments, technology change proposals, model documentation, AI/ML implementations, automation solutions, and digital product enhancements.
• Partner with Legal and Technology to ensure compliance requirements are incorporated into technology planning, vendor evaluations, contract language, and business decisions.
• Emerging Technology Risk Oversight Provide expertise and oversight of risks associated with: AI/ML and algorithmic decisioning (fair lending, model transparency, explainability, governance).
• Digital assets, crypto, and blockchain‑adjacent use cases, including regulatory expectations from OCC, SEC, FinCEN, and state regulatory bodies.
• Automation, digital channel operations, cloud-native technology workflows, and end-user computing.
• Work with Model Risk Management (MRM) on compliance considerations for AI/ML models, including alignment with SR 11‑7 and responsible AI principles.
• Team Leadership & Collaboration Build, mentor, and develop a high-performing technology compliance team; establish scalable processes, documentation standards, and reporting mechanisms.
• Foster strong working relationships across Technology, Risk, Legal, Product, Internal Audit, and Regulatory Relations to ensure transparency and timely issue resolution.
• Exert influence without authority; facilitate compliance awareness and provide practical, risk-based guidance to stakeholders at all levels.
• Promote a culture that values innovation while maintaining disciplined risk management.
• Risk Identification, Monitoring & Reporting Identify, evaluate, and escalate technology-related compliance risks in accordance with enterprise policies.
• Monitor metrics, KRIs, and emerging themes related to technology compliance, reporting regular updates to senior leadership and applicable risk committees.
• Provide challenge to issue remediation plans and ensure timely, sustainable corrective actions.