Senior Compliance Specialist, Risk Assessment

The role:

The Senior Compliance Specialist, Risk Assessment is a key contributor within the second line of defense Compliance organization responsible for leading and executing the enterprise-wide Compliance Risk Assessment (CRA) program. This role is ideal for a strong “doer” with advanced knowledge of regulatory compliance, hands-on execution skills, and a bias for clarity, consistency, and impact. The role integrates compliance risk assessments with regulatory change impacts, control evaluations, and product/service risks.

This role will also support compliance risk taxonomy management, alignment to the Compliance Management System (CMS), and the development of data-driven reporting for senior leaders and regulators.

What you’ll do:

• Execute the annual Compliance Risk Assessment (CRA) across all business units, ensuring consistent risk scoping, regulatory mapping, and documentation standards.
• Integrate regulatory change management insights into the risk assessment process to reflect current and emerging risk trends and regulatory expectations.
• Collaborate with legal, product compliance officers, and first line risk leads to assess risk exposures tied to products, services, delivery channels, and regulations.
• Lead the design and maintenance of compliance risk libraries and taxonomies, ensuring alignment to federal/state laws and enterprise risk frameworks.
• Develop and maintain scoring methodologies for inherent risk, control effectiveness, and residual risk ratings using defensible and repeatable logic.
• Review and challenge business-unit risk assessments, ratings, and justifications; provide credible challenges and escalate discrepancies when necessary.
• Coordinate and facilitate walkthroughs, control discussions, and action planning with key stakeholders to remediate gaps and reinforce risk mitigation.
• Support linkages across compliance elements including control testing, issue management, regulatory change tracking, and compliance training.
• Produce executive-level dashboards and reporting that highlight risk posture, emerging risks, gaps, trends, and mitigation actions.
• Contribute to the continuous improvement of the CRA methodology, templates, and supporting tools to improve scalability, repeatability, and regulatory alignment.

What you’ll need:

• Bachelor’s degree in Business, Finance, Law, or related field.
• Minimum of 5 years of experience in regulatory compliance, legal, or compliance risk management in a bank or financial services company.
• Minimum of 3  years in a compliance or risk role within banking or financial services, with direct experience in compliance risk assessments.
• Proven ability to assess consumer and enterprise regulations (e.g., Reg E, Z, DD, FCRA, BSA/AML, ECOA, UDAAP) and translate into business impacts.
• Strong familiarity with CMS components including issue management, control testing, training, and regulatory change protocols.
• Experience working in the second line of defense with responsibility for oversight, challenge, and governance.
• Excellent analytical and writing skills; able to produce high-quality deliverables for internal and regulatory audiences.
• Adept at facilitating cross-functional discussions, documenting risk decisions, and driving accountability across stakeholders.

Nice to have:

• CRCM, CAMS, or CCEP certification are strongly preferred.
• Working knowledge of OCC 2017-43, OCC 2011-29, CFPB Examination Manual, and other regulatory guidance governing compliance risk and CMS.
• Experience conducting risk assessments that inform risk appetite, strategic risk planning, and regulatory reporting.
• Ability to interpret regulatory changes and their implications on existing controls, policies, and products.
• Prior experience with GRC platforms (e.g., ServiceNow) and regulatory inventory systems (e.g., Compliance AI, Regology, Cube).
• Familiarity with RCSA integration and risk/control rating methodologies.
• Experience preparing and supporting regulatory exam readiness or remediation workstreams.
• Demonstrated ability to operate in a fast-paced environment with evolving priorities and ambiguity.
• Proficient in Excel/(google)Sheets, PowerPoint/Slides, and data visualization tools for risk reporting.