Head of ETX Risk Management & Regulatory Compliance
MassMutual
•
Boston, MA
0
0
0
0
Not Applicable
Posted April 4, 2026
Job link
Thinking about this job
Responsibilities
Commitments
Responsibilities
- As a senior leader within the ETX Governance, Risk & Compliance organization, responsible for architecting and operating an integrated risk and compliance program across Cyber, AI, Data, Technology, and Resilience domains.
- This role leads a multidisciplinary team to identify, assess, monitor, and report risks while ensuring the technology organization meets all applicable regulatory, legal and industry obligations.
- The Head of Risk Management & Regulatory Compliance serves as a strategic advisor, translating complex risk and compliance requirements into actionable controls, providing risk quantification to support decision-ready insights.
- This leader ensures the organization maintains a strong risk posture, regulatory readiness, and a culture of accountability and transparency.
- The ETX Governance, Risk & Compliance Team is comprised of governance and risk professionals responsible for implementing governance processes and risk management practices for the ETX (Information Technology) organization.
- We work closely with our business and technology partners and succeed together by designing practical and effective governance and risk management solutions to support innovation and increase operational efficiency.
- Integrated Risk & Compliance Leadership
- Lead the enterprise-aligned Risk & Regulatory Compliance function across Cyber, AI, Data, Technology and Resilience domains
- Establish a unified risk taxonomy, risk assessment methodology, compliance gap assessment process and reporting structure that integrates with Enterprise Risk Management (ERM) and Compliance
- Serve as a trusted advisor on emerging risks, regulatory expectations, and strategic implications
- Governance & Oversight
- Ensure risk and compliance decisions follow defined governance pathways with clear ownership, escalation and documentation
- Maintain alignment with internal policies, external regulations, and industry frameworks
- Regulatory Compliance Management
- Oversee regulatory compliance obligations related to cybersecurity, data protection, AI governance, operational resilience, cloud and technology operations
- Maintain a regulatory inventory and ensure traceability from requirements to controls, testing and evidence
- Partner with Legal, Compliance, ERM and Audit to ensure readiness for examinations, attestations, certifications and regulatory inquiries
- In partnership with Compliance, monitor regulatory developments and translate them into actionable requirements, controls and implementation plans
- Risk Identification, Assessment & Quantification
- Oversee risk assessments across ETX-owned risk domains, including AI, cyber, data quality/privacy, operational technology and resilience risks
- Implement quantitative and qualitative risk measurement approaches to support prioritization and investment decisions
- Control Assurance & Continuous Compliance
- Partner with ETX teams to ensure controls are well-designed, tested and continuously improved
- Oversee remediation tracking and ensure timely closure of issues
- Embed risk and compliance expectations into technology and data lifecycle processes
- Emerging Risks
- Monitor emerging technologies and evolving threat landscapes to anticipate new risk and compliance requirements
- Resilience & Continuity Risk Oversight
- In partnership with Head of Enterprise Resilience, oversee risk and compliance assessments related to business continuity, disaster recovery, incident response, and operational resilience
- Ensure resilience metrics, testing, and scenario exercises are integrated into the broader risk and compliance program
- Reporting & Executive Communication
- Deliver clear, concise and actionable reporting to ETX leadership and other key stakeholders
- Translate technical risk and compliance insights into business-relevant narratives and recommendations
- Maintain, KRIs, KPIs, dashboards and heatmaps that reflect real-time risk and compliance posture
- Team Leadership & Talent Development
- Lead, mentor and develop a high-performing team of risk professionals across Cyber, AI, Data, Technology, Resilience and Regulatory Compliance domains
- Foster a culture of accountability, curiosity and continuous improvement
- Build a strong cross-functional partnership to strengthen risk and compliance awareness and ownership The Minimum Qualifications
- Proven leadership experience managing multi-disciplinary risk and compliance teams
- Deep understanding of technology architectures and operations, cloud environments, data ecosystems and AI/ML systems
- Exceptional communication skills with the ability to influence senior leaders and simplify complex topics
- Demonstrated ability to design and operationalize risk and compliance frameworks at scale
Commitments
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Not Met Priorities
What still needs stronger evidence
Requirements
- Build a strong cross-functional partnership to strengthen risk and compliance awareness and ownership The Minimum Qualifications
- Proven leadership experience managing multi-disciplinary risk and compliance teams
- Deep understanding of technology architectures and operations, cloud environments, data ecosystems and AI/ML systems
- Strong knowledge of regulatory and industry frameworks (NIST CSF, COBIT, privacy and cybersecurity regulations, AI governance standards, operational resilience requirements)
- 10+ years of experience in Technology Risk, Cybersecurity, Regulatory Compliance or related fields
- Exceptional communication skills with the ability to influence senior leaders and simplify complex topics
- Demonstrated ability to design and operationalize risk and compliance frameworks at scale
- Must be able to work in the US without sponsorship
- Experience in financial services or other highly regulated industries
- Certifications such as CRISC, CISM, CISSP, CISA, CIPM or similar credentials
- Background in risk quantification, regulatory examinations, or model risk management
- Success Measures
- A unified, transparent and actionable risk and compliance posture across all ETX-owned risk domains
- Strong leadership confidence in risk and compliance reporting
- Demonstrated regulatory readiness
- Measurable improvements in control effectiveness, risk management maturity and risk informed decision-making
Preferred Skills
- Experience in financial services or other highly regulated industries
- Certifications such as CRISC, CISM, CISSP, CISA, CIPM or similar credentials
- Background in risk quantification, regulatory examinations, or model risk management
- Access to learning content on Degreed and other informational platforms
Education
- (Not required) – Bachelor’s or master’s degree in computer science or related field
- (Not required) – Must be able to work in the US without sponsorship
The Opportunity
As a senior leader within the ETX Governance, Risk & Compliance organization, responsible for architecting and operating an integrated risk and compliance program across Cyber, AI, Data, Technology, and Resilience domains. This role leads a multidisciplinary team to identify, assess, monitor, and report risks while ensuring the technology organization meets all applicable regulatory, legal and industry obligations.
The Head of Risk Management & Regulatory Compliance serves as a strategic advisor, translating complex risk and compliance requirements into actionable controls, providing risk quantification to support decision-ready insights. This leader ensures the organization maintains a strong risk posture, regulatory readiness, and a culture of accountability and transparency.
The Team
The ETX Governance, Risk & Compliance Team is comprised of governance and risk professionals responsible for implementing governance processes and risk management practices for the ETX (Information Technology) organization. We work closely with our business and technology partners and succeed together by designing practical and effective governance and risk management solutions to support innovation and increase operational efficiency.
The Impact
Integrated Risk & Compliance Leadership
Lead the enterprise-aligned Risk & Regulatory Compliance function across Cyber, AI, Data, Technology and Resilience domains
Establish a unified risk taxonomy, risk assessment methodology, compliance gap assessment process and reporting structure that integrates with Enterprise Risk Management (ERM) and Compliance
Serve as a trusted advisor on emerging risks, regulatory expectations, and strategic implications
Governance & Oversight
Ensure risk and compliance decisions follow defined governance pathways with clear ownership, escalation and documentation
Maintain alignment with internal policies, external regulations, and industry frameworks
Regulatory Compliance Management
Oversee regulatory compliance obligations related to cybersecurity, data protection, AI governance, operational resilience, cloud and technology operations
Maintain a regulatory inventory and ensure traceability from requirements to controls, testing and evidence
Partner with Legal, Compliance, ERM and Audit to ensure readiness for examinations, attestations, certifications and regulatory inquiries
In partnership with Compliance, monitor regulatory developments and translate them into actionable requirements, controls and implementation plans
Risk Identification, Assessment & Quantification
Oversee risk assessments across ETX-owned risk domains, including AI, cyber, data quality/privacy, operational technology and resilience risks
Implement quantitative and qualitative risk measurement approaches to support prioritization and investment decisions
Control Assurance & Continuous Compliance
Partner with ETX teams to ensure controls are well-designed, tested and continuously improved
Oversee remediation tracking and ensure timely closure of issues
Embed risk and compliance expectations into technology and data lifecycle processes
Emerging Risks
Monitor emerging technologies and evolving threat landscapes to anticipate new risk and compliance requirements
Resilience & Continuity Risk Oversight
In partnership with Head of Enterprise Resilience, oversee risk and compliance assessments related to business continuity, disaster recovery, incident response, and operational resilience
Ensure resilience metrics, testing, and scenario exercises are integrated into the broader risk and compliance program
Reporting & Executive Communication
Deliver clear, concise and actionable reporting to ETX leadership and other key stakeholders
Translate technical risk and compliance insights into business-relevant narratives and recommendations
Maintain, KRIs, KPIs, dashboards and heatmaps that reflect real-time risk and compliance posture
Team Leadership & Talent Development
Lead, mentor and develop a high-performing team of risk professionals across Cyber, AI, Data, Technology, Resilience and Regulatory Compliance domains
Foster a culture of accountability, curiosity and continuous improvement
Build a strong cross-functional partnership to strengthen risk and compliance awareness and ownership The Minimum Qualifications
Proven leadership experience managing multi-disciplinary risk and compliance teams
Deep understanding of technology architectures and operations, cloud environments, data ecosystems and AI/ML systems
Strong knowledge of regulatory and industry frameworks (NIST CSF, COBIT, privacy and cybersecurity regulations, AI governance standards, operational resilience requirements)
10+ years of experience in Technology Risk, Cybersecurity, Regulatory Compliance or related fields
Exceptional communication skills with the ability to influence senior leaders and simplify complex topics
Demonstrated ability to design and operationalize risk and compliance frameworks at scale
Bachelor’s or master’s degree in computer science or related field
Must be able to work in the US without sponsorship
The Ideal Qualifications
Experience in financial services or other highly regulated industries
Certifications such as CRISC, CISM, CISSP, CISA, CIPM or similar credentials
Background in risk quantification, regulatory examinations, or model risk management
Success Measures
A unified, transparent and actionable risk and compliance posture across all ETX-owned risk domains
Strong leadership confidence in risk and compliance reporting
Demonstrated regulatory readiness
Measurable improvements in control effectiveness, risk management maturity and risk informed decision-making
A high-performing, engaged team recognized as trusted advisors across the organization
What to Expect as Part of MassMutual and the Team
Access to learning content on Degreed and other informational platforms
Focused one-on-one meetings with your manager
Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups
Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefits
MassMutual is an equal employment opportunity employer. We welcome all persons to apply.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.
As a senior leader within the ETX Governance, Risk & Compliance organization, responsible for architecting and operating an integrated risk and compliance program across Cyber, AI, Data, Technology, and Resilience domains. This role leads a multidisciplinary team to identify, assess, monitor, and report risks while ensuring the technology organization meets all applicable regulatory, legal and industry obligations.
The Head of Risk Management & Regulatory Compliance serves as a strategic advisor, translating complex risk and compliance requirements into actionable controls, providing risk quantification to support decision-ready insights. This leader ensures the organization maintains a strong risk posture, regulatory readiness, and a culture of accountability and transparency.
The Team
The ETX Governance, Risk & Compliance Team is comprised of governance and risk professionals responsible for implementing governance processes and risk management practices for the ETX (Information Technology) organization. We work closely with our business and technology partners and succeed together by designing practical and effective governance and risk management solutions to support innovation and increase operational efficiency.
The Impact
Integrated Risk & Compliance Leadership
Lead the enterprise-aligned Risk & Regulatory Compliance function across Cyber, AI, Data, Technology and Resilience domains
Establish a unified risk taxonomy, risk assessment methodology, compliance gap assessment process and reporting structure that integrates with Enterprise Risk Management (ERM) and Compliance
Serve as a trusted advisor on emerging risks, regulatory expectations, and strategic implications
Governance & Oversight
Ensure risk and compliance decisions follow defined governance pathways with clear ownership, escalation and documentation
Maintain alignment with internal policies, external regulations, and industry frameworks
Regulatory Compliance Management
Oversee regulatory compliance obligations related to cybersecurity, data protection, AI governance, operational resilience, cloud and technology operations
Maintain a regulatory inventory and ensure traceability from requirements to controls, testing and evidence
Partner with Legal, Compliance, ERM and Audit to ensure readiness for examinations, attestations, certifications and regulatory inquiries
In partnership with Compliance, monitor regulatory developments and translate them into actionable requirements, controls and implementation plans
Risk Identification, Assessment & Quantification
Oversee risk assessments across ETX-owned risk domains, including AI, cyber, data quality/privacy, operational technology and resilience risks
Implement quantitative and qualitative risk measurement approaches to support prioritization and investment decisions
Control Assurance & Continuous Compliance
Partner with ETX teams to ensure controls are well-designed, tested and continuously improved
Oversee remediation tracking and ensure timely closure of issues
Embed risk and compliance expectations into technology and data lifecycle processes
Emerging Risks
Monitor emerging technologies and evolving threat landscapes to anticipate new risk and compliance requirements
Resilience & Continuity Risk Oversight
In partnership with Head of Enterprise Resilience, oversee risk and compliance assessments related to business continuity, disaster recovery, incident response, and operational resilience
Ensure resilience metrics, testing, and scenario exercises are integrated into the broader risk and compliance program
Reporting & Executive Communication
Deliver clear, concise and actionable reporting to ETX leadership and other key stakeholders
Translate technical risk and compliance insights into business-relevant narratives and recommendations
Maintain, KRIs, KPIs, dashboards and heatmaps that reflect real-time risk and compliance posture
Team Leadership & Talent Development
Lead, mentor and develop a high-performing team of risk professionals across Cyber, AI, Data, Technology, Resilience and Regulatory Compliance domains
Foster a culture of accountability, curiosity and continuous improvement
Build a strong cross-functional partnership to strengthen risk and compliance awareness and ownership The Minimum Qualifications
Proven leadership experience managing multi-disciplinary risk and compliance teams
Deep understanding of technology architectures and operations, cloud environments, data ecosystems and AI/ML systems
Strong knowledge of regulatory and industry frameworks (NIST CSF, COBIT, privacy and cybersecurity regulations, AI governance standards, operational resilience requirements)
10+ years of experience in Technology Risk, Cybersecurity, Regulatory Compliance or related fields
Exceptional communication skills with the ability to influence senior leaders and simplify complex topics
Demonstrated ability to design and operationalize risk and compliance frameworks at scale
Bachelor’s or master’s degree in computer science or related field
Must be able to work in the US without sponsorship
The Ideal Qualifications
Experience in financial services or other highly regulated industries
Certifications such as CRISC, CISM, CISSP, CISA, CIPM or similar credentials
Background in risk quantification, regulatory examinations, or model risk management
Success Measures
A unified, transparent and actionable risk and compliance posture across all ETX-owned risk domains
Strong leadership confidence in risk and compliance reporting
Demonstrated regulatory readiness
Measurable improvements in control effectiveness, risk management maturity and risk informed decision-making
A high-performing, engaged team recognized as trusted advisors across the organization
What to Expect as Part of MassMutual and the Team
Access to learning content on Degreed and other informational platforms
Focused one-on-one meetings with your manager
Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups
Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefits
MassMutual is an equal employment opportunity employer. We welcome all persons to apply.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
California residents: For detailed information about your rights under the California Consumer Privacy Act (CCPA), please visit our California Consumer Privacy Act Disclosures page.