Head of ETX Risk Management & Regulatory Compliance

Overview

A career with us means you’ll work alongside exceptional people and be empowered to reach your professional and personal goals. Our employees are at the foundation of what enables MassMutual to deliver on our purpose to help people secure their futures and protect the ones they love.

We embrace the idea that we all are stronger and better through our support for one another. We strive to create a culture where employees feel valued and are celebrated for who they are.

The Opportunity

As a senior leader within the ETX Governance, Risk & Compliance organization, responsible for architecting and operating an integrated risk and compliance program across Cyber, AI, Data, Technology, and Resilience domains. This role leads a multidisciplinary team to identify, assess, monitor, and report risks while ensuring the technology organization meets all applicable regulatory, legal and industry obligations.

The Head of Risk Management & Regulatory Compliance serves as a strategic advisor, translating complex risk and compliance requirements into actionable controls, providing risk quantification to support decision-ready insights. This leader ensures the organization maintains a strong risk posture, regulatory readiness, and a culture of accountability and transparency.

The Team

The ETX Governance, Risk & Compliance Team is comprised of governance and risk professionals responsible for implementing governance processes and risk management practices for the ETX (Information Technology) organization. We work closely with our business and technology partners and succeed together by designing practical and effective governance and risk management solutions to support innovation and increase operational efficiency.

The Impact

• Integrated Risk & Compliance Leadership
  • Lead the enterprise-aligned Risk & Regulatory Compliance function across Cyber, AI, Data, Technology and Resilience domains
  • Establish a unified risk taxonomy, risk assessment methodology, compliance gap assessment process and reporting structure that integrates with Enterprise Risk Management (ERM) and Compliance
  • Serve as a trusted advisor on emerging risks, regulatory expectations, and strategic implications
• Governance & Oversight
  • Ensure risk and compliance decisions follow defined governance pathways with clear ownership, escalation and documentation
  • Maintain alignment with internal policies, external regulations, and industry frameworks
• Regulatory Compliance Management
  • Oversee regulatory compliance obligations related to cybersecurity, data protection, AI governance, operational resilience, cloud and technology operations
  • Maintain a regulatory inventory and ensure traceability from requirements to controls, testing and evidence
  • Partner with Legal, Compliance, ERM and Audit to ensure readiness for examinations, attestations, certifications and regulatory inquiries
  • In partnership with Compliance, monitor regulatory developments and translate them into actionable requirements, controls and implementation plans
• Risk Identification, Assessment & Quantification
  • Oversee risk assessments across ETX-owned risk domains, including AI, cyber, data quality/privacy, operational technology and resilience risks
  • Implement quantitative and qualitative risk measurement approaches to support prioritization and investment decisions
• Control Assurance & Continuous Compliance
  • Partner with ETX teams to ensure controls are well-designed, tested and continuously improved
  • Oversee remediation tracking and ensure timely closure of issues
  • Embed risk and compliance expectations into technology and data lifecycle processes
• Emerging Risks
  • Monitor emerging technologies and evolving threat landscapes to anticipate new risk and compliance requirements
• Resilience & Continuity Risk Oversight
  • In partnership with Head of Enterprise Resilience, oversee risk and compliance assessments related to business continuity, disaster recovery, incident response, and operational resilience
  • Ensure resilience metrics, testing, and scenario exercises are integrated into the broader risk and compliance program
• Reporting & Executive Communication
  • Deliver clear, concise and actionable reporting to ETX leadership and other key stakeholders
  • Translate technical risk and compliance insights into business-relevant narratives and recommendations
  • Maintain, KRIs, KPIs, dashboards and heatmaps that reflect real-time risk and compliance posture
• Team Leadership & Talent Development
  • Lead, mentor and develop a high-performing team of risk professionals across Cyber, AI, Data, Technology, Resilience and Regulatory Compliance domains
  • Foster a culture of accountability, curiosity and continuous improvement
  • Build a strong cross-functional partnership to strengthen risk and compliance awareness and ownership

The Minimum Qualifications

• Proven leadership experience managing multi-disciplinary risk and compliance teams
• Deep understanding of technology architectures and operations, cloud environments, data ecosystems and AI/ML systems
• Strong knowledge of regulatory and industry frameworks (NIST CSF, COBIT, privacy and cybersecurity regulations, AI governance standards, operational resilience requirements)
• 10+ years of experience in Technology Risk, Cybersecurity, Regulatory Compliance or related fields
• Exceptional communication skills with the ability to influence senior leaders and simplify complex topics
• Demonstrated ability to design and operationalize risk and compliance frameworks at scale
• Bachelor’s or master’s degree in computer science or related field
• Must be able to work in the US without sponsorship

The Ideal Qualifications

• Experience in financial services or other highly regulated industries
• Certifications such as CRISC, CISM, CISSP, CISA, CIPM or similar credentials
• Background in risk quantification, regulatory examinations, or model risk management

Success Measures

• A unified, transparent and actionable risk and compliance posture across all ETX-owned risk domains
• Strong leadership confidence in risk and compliance reporting
• Demonstrated regulatory readiness
• Measurable improvements in control effectiveness, risk management maturity and risk informed decision-making
• A high-performing, engaged team recognized as trusted advisors across the organization

What to Expect as Part of MassMutual and the Team

• Access to learning content on Degreed and other informational platforms
• Focused one-on-one meetings with your manager
• Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups
• Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefits

#LI-MC1