Senior Risk Director - Cyber

Mid / Senior


Remote / Hybrid

Meytier Premier Employer

Meytier Partner

As a cybersecurity risk director, you will work closely with senior management, IT, legal, and business units to align cybersecurity risk strategies with business objectives, communicate cyber risk posture and exposure, and provide guidance and recommendations on cybersecurity best practices and solutions. You will also manage a team of cybersecurity risk professionals and foster a culture of cybersecurity awareness and resilience across the organization.

Key Responsibilities:

  • Lead and develop a dedicated team of risk managers and specialists for a consistent and effective support model.
  • Establish and lead a cybersecurity risk management process enabling senior management to continually identify, analyze, assess, and treat IT and cybersecurity-related risks. Translate cyber/technical IT risks into business risks and potential impacts.
  • Define key risk metrics, controls, and control tests to measure and assess current levels of cybersecurity risk.
  • Oversee and report on Risk Control Self Assessments, Targeted Risk Reviews, and issue management activities.
  • Provide day-to-day leadership to the business lines, contributing knowledge and expertise on the appropriate implementation of strategic plans, regulatory compliance, risk mitigation and industry standards.
  • Gain visibility into detailed risk assessments and advise the business line on appropriate risk mitigation actions.
  • Advise on new processes / products, initiatives and strategies from a risk and control perspective; guide the business lines through the various governance approvals related to new initiatives, ensuring proper controls.
  • Act as exam lead for the product / function under review and participate in all important interactions with the regulators.
  • Establish and maintain effective business relationships with business partners, key project stakeholders, second and third lines of defense and subject matter experts to advise and support business initiatives.

Desired Profile:

  • 10 years of experience in Cybersecurity and/or Information Technology
  • 10 years of Risk Management experience gained from working in the financial services industry, preferably in Cybersecurity / Technology Risk or Operational Risk
  • Experience working with cloud computing related technologies including IaaS/SaaS/PaaS, DevSecOps, web application technology, operating systems, databases, and networking.
  • Familiarity with network security, vulnerability management, identity management, API security, infrastructure, data loss prevention, incident and problem management, change management, cryptography, cloud security, configuration management, and other key areas.
  • Experience in an organization that is under strong regulatory oversight and scrutiny.
  • Intermediate knowledge of internal controls and risk self-assessment
  • Basic knowledge of business area processes and/or products and operations; regulatory requirements; and key processes, controls, and exposure areas
  • Understanding of FFIEC guidelines and handbooks, GLBA, SOX, PCI
  • Knowledge of industry-recognized frameworks such as ISO 27001, COBIT, COSO, ITIL, NIST 800-53, NIST Cybersecurity Framework
  • Ability to analyze and synthesize many risk data points and help the business to prioritize mitigation.
  • Ability to effectively communicate with all levels of the organization.
  • Project management skills to support multiple assignments on behalf of various stakeholders.
  • Leadership, coaching and staff development experience.
  • Bachelor’s Degree required; Master’s Degree preferred.
  • Relevant Certifications preferred:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Cloud Security Professional (CCSP)
      • Cloud security specialty certification in AWS and Azure
      • Certified Information Security Manager (CISM)
      • Certified Information Systems Auditor (CISA)
      • Certified in Risk and Information Systems Control (CRISC)
