Cyber Risk Mgmt Principal

About The Position

Requirements

• Bachelor's Degree required in a related Information Technology or Computer Science discipline, or equivalent experience required.
• 5-7+ years' experience in a position in cyber risk management and/or adherence to regulatory requirements (e.g., PCI; FFIEC CAT; or GLBA) related to the financial services or other heavily regulated industry.
• Experience in reviewing ISO, SOC 1, and SOC 2 audit reviews as well as experience with formalizing MSA/SOWs and RFPs
• Experience in risk, compliance, vendor management or audit.
• Ability to set-up, facilitate and lead service improvement/'WorkOut' sessions with a range of business stakeholders (incl. Experience of process/value stream mapping).
• Takes accountability for ideas from inception to delivery, in an environment that requires robust metrics to confirm success.
• Excellent verbal and written communication skills and the ability to interact professionally with a diverse group of partners, senior managers, and subject matter experts.
• Proven ability to manage positive relationships with all levels of management and affect key decisions and outcomes.
• Able to act independently and decisively when making decisions regarding both the technological and critical regulatory environment and daily business issues.
• Experience performing cyber risk reviews to assess security implications and requirements for introduction of new and existing vendors and technologies.
• Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.

Nice To Haves

• Former people management experience preferred

Responsibilities

• Lead & perform complex information security risk assessments of current and prospective third-party business and technology providers to assess their control structure and alignment to regulatory, federal/state guidelines and information security bank requirements and partner with internal stakeholders to assess the cyber risk the third party presents to the Bank.
• Partner with internal business units and third parties to inventory all services, status, performance, and cyber risk assessments.
• Ability to direct and provide thought leadership for a small team of third-party cybersecurity analysts.
• Complete a cyber risk assessment detailing third party's service inherent risk(s), strengths of cyber risk scores, along with any cyber risk control gaps presenting elevated risk to the Bank.
• Coordinate and lead cyber risk findings through use of formalized reviews, exception reporting, and cyber risk acceptance reporting.
• Oversee and confirm the resolution of any cyber risk gaps identified during the cyber risk assessment process.
• Maintain a very strong knowledge of the regulatory cyber risk requirements to ensure that each third party meets those requirements. Must be able to competently interpret and apply the requirements independently to mitigate cyber risk to the firm.
• Contribute to various departmental projects related to third party management activities. This could be as a project lead or supportive role to an existing project.
• Collaborate across various operational and enterprise risk lines of business to ensure all third-party cyber review processes are being met.
• Lead onboarding and offboarding of new and existing 3rd party cyber risk review assessments
• Perform annual audit of vendors to ensure cyber risk is within risk tolerance for the firm.
• Establish and mature continuous monitoring for the Bank's vendors.
• Build third-party incident response plan, along with existing cyber incident response plans.
• Develop KPI/KRI metrics for the 3rd party team.
• Participate and/or lead onsite evaluations for the Bank's vendors.
• Coaches and mentors' teams on capabilities of cyber risk as it pertains to 3rd party vendors.

Benefits

• health insurance coverage
• wellness program
• fertility and family building aids
• life and disability insurance
• retirement savings plans with a generous 401K match
• paid leave programs
• paid holidays
• paid time off (PTO)