Lead in the creation of cyber risk analyses pertaining to ECS.
Understand current and emerging cybersecurity risks and determine key risk scenarios for the ECS Product Areas.
Conduct Product Area risk / threat modeling sessions to prioritize top risks (Quarterly).
Advise on backlog prioritization based on risk (Quarterly).
Advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings.
Quantify cyber risk and present analyses that will allow senior management to make informed decisions based on resulting risk data.
Provide data input into the ECS Heat Map Team.
Work with Product Area/Squad leaders to drive lasting security decisions which will substantially mitigate Fidelity’s cyber risk.
Evaluate multiple sources, reports, and industry trends to compare risk-related findings to existing ECS policies and uncover gaps and opportunities for process improvement.
Determine what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancements, ensuring continued progress.
Requirements
Minimum 5-7 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders.
Demonstrated experience in cybersecurity risk management.
Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and SMEs, to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk analysis tools and communicate progress effectively across multiple lines and levels.
Advanced understanding of NIST 800-53 Cybersecurity Framework and FAIR.
CISSP, CCSP, OpenFAIR certifications preferred.
Effective communication and excellent presentation skills to senior leaders.
Ability to deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved.
Critical thinking skills to ask detailed questions and fully vet answers to uncover discrepancies and gaps others may not have found are a must.
Ability to work across business lines to influence, motivate change and help mitigate cyber risk.
Advanced understanding of risks pertaining to the following: cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software.
Mathematical/statistical mindset.
Investigative approach to deep dive into metrics to understand and communicate actionable risk to senior leadership.
Tech Stack
Cloud
Cyber Security
Benefits
comprehensive health care coverage and emotional well-being support
market-leading retirement
generous paid time off and parental leave
charitable giving employee match program
educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career