Key skills
CloudCyber SecurityLeadershipRisk ManagementCommunicationDecision MakingCloud Security
About this role
Role Overview
- Provide independent oversight and credible challenge across Technology and Information Security domains including governance, controls, risk assessments, metrics, and issue management.
- Perform risk-based assessments to identify control gaps, thematic risks, and emerging threats.
- Develop independent risk opinions supported by analysis, evidence, and professional judgment.
- Evaluate alignment with applicable laws, regulations, and industry frameworks (e.g., NIST, FFIEC, PCI).
- Partner with business and risk stakeholders to support the implementation and maintenance of effective risk management frameworks.
- Identify gaps in processes, systems, controls and drive solutions to minimize risk exposure.
- Ensure risks are actively identified, monitored, escalated, and remediated as appropriate.
- Influence policies and procedures to strengthen the control environment and reduce regulatory risk.
- Build and maintain strong relationships with First Line stakeholders while maintaining independence and objectivity.
- Provide clear, concise, and executive-ready communication of risk posture, key issues, and trends.
- Engage senior leadership to support risk-informed decision making.
- Translate complex technical risks into actionable business insights.
- Lead, coach, or mentor risk and security professionals; support talent development and team capability.
- Contribute to strategic initiatives impacting enterprise technology, security and risk programs.
- Act as a subject matter expert on technology and cybersecurity risk and regulatory expectations.
- Promote a strong risk culture emphasizing accountability, transparency, and continuous improvement.
Requirements
- Bachelor's degree, or equivalent work experience
- Typically more than 10 years of applicable experience
- Advanced knowledge of information security domains (e.g., identity and access management, application security, cloud security, vulnerability management, incident response)
- Strong understanding of regulatory requirements and industry standards (e.g., NIST, FFIEC, PCI, and risk management frameworks)
- Experience performing risk assessments, control evaluations, and oversight activities
- Advanced understanding of business operations, systems, and associated risks and controls
- Ability to operate independently with strong judgment and professional skepticism
- Strong analytical, problem-solving, and decision-making skills
- Excellent written and verbal communication skills, including executive-level messaging
- Proven ability to influence stakeholders and challenge effectively without direct authority
- Strong leadership and management skills across people, processes, and projects
- Experience operating within Second Line of Defense, audit, or regulatory environments
- Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) preferred
- Advanced knowledge of regulatory environment and trends in financial services
Tech Stack
- Cloud
- Cyber Security
Benefits
- Healthcare (medical, dental, vision)
- Basic term and optional term life insurance
- Short-term and long-term disability
- Pregnancy disability and parental leave
- 401(k) and employer-funded retirement plan
- Paid vacation (from two to five weeks depending on salary grade and tenure)
- Up to 11 paid holiday opportunities
- Adoption assistance
- Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law