Key skills
Cyber SecurityLeadershipRisk ManagementCommunication
About this role
Role Overview
- Partner with CIOs, senior leadership, and technology stakeholders to assess and communicate cybersecurity risk in business terms
- Influence prioritization of security investments and drive remediation strategies that align with enterprise risk tolerance
- Serve as the primary cybersecurity advisor to the business, interpreting enterprise policies, providing actionable guidance, and ensuring business initiatives comply with internal standards and regulatory requirements
- Identify, assess, and document security risks across products, applications, and third-party relationships
- Collaborate with remediation owners to develop and track resolution plans based on risk severity and business impact
- Deliver executive-level risk dashboards and metrics that provide transparency into the business’s security posture
- Ensure timely and meaningful communication of emerging risks and remediation progress
- Collaborate with the broader Cybersecurity and Risk organizations to ensure security strategies are pragmatic, risk-based, and aligned with both business priorities and technical capabilities
- Promote awareness of regulatory and industry obligations through targeted training, awareness campaigns, and proactive engagement
- Ensure the business maintains readiness for internal audits and external regulatory assessments
- Ensure security risk and controls assessments are conducted at appropriate intervals and with relevant depth based on evolving threats and business changes
- Guide technology teams in adopting enterprise cybersecurity tools, capabilities, and controls
- Stay current with the threat landscape, regulatory developments, and best practices
- Foster a security-first mindset across the business.
Requirements
- Bachelor’s degree in Computer Science, Information Security, Information Technology, or related discipline (or equivalent work experience)
- 10+ years of progressive experience in Information Security, Cyber Risk, or Technology Risk roles
- 5+ years in the financial services or banking industry with working knowledge of relevant regulations (e.g., GLBA, FFIEC, PCI, SOX)
- Proven experience influencing executive leadership and communicating complex technical risks in business terms
- Demonstrated success in leading cross-functional teams and delivering cybersecurity solutions at scale
- Experience with cybersecurity governance frameworks (e.g., NIST CSF, ISO/IEC 27001) and enterprise risk management practices
Tech Stack
- Cyber Security
Benefits
- Annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards