I was told the committee is in charge of overseeing the bank's risk as a whole and will report to the board.
that's pretty broad...for instance, if the bank forgets to pay its electric bill, there is a risk you will be without power. If 5 people in a branch of 6 call in, you have issues opening the branch. Are the the type of risks you are talking about?
Start with the charter, as suggested, and define the types of risk you will be looking at...fraud, access, DDoS attacks, account takeovers, credit, wire, loss prevention to name a few.