Cyber Security Risk Governance Senior Associate

About The Position

Requirements

• Bachelor's degree preferred or equivalent experience.
• Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.
• Strong organizational, analytical, and documentation skills with high attention to detail.

Nice To Haves

• Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
• Experience with GRC tools, data visualization tools, data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

Responsibilities

• Support the maintenance and alignment of cyber risk governance frameworks to enterprise and industry models (e.g., CRI, DTCC Corporate Risk Management Policy), including documenting governance processes for risk oversight, aggregation, and reporting.
• Support the mapping of policies to control standards, cyber risks, and KRIs to help maintain traceability across governance, reporting, and risk treatment activities.
• Assist in the development, maintenance, and periodic refresh of Cyber Security Risk Appetite and Risk Tolerance materials, including support for metric updates, documentation, and review coordination.
• Support the development, maintenance, and publication of cybersecurity policies and control standards within SmartSuite or other designated governance platforms.
• Maintain cyber risk taxonomy, top risk, and enterprise risk classification documentation, including support for updates, change tracking, and version control.
• Support top cyber risk identification and prioritization activities by coordinating inputs, maintaining supporting documentation, and preparing materials for annual assessments and review discussions.
• Coordinate credible challenge activities for top cyber risks by organizing stakeholder feedback, documenting outcomes, and tracking follow-up actions.
• Support Cyber Risk Institute (CRI) maturity and controls assessments through evidence gathering, coordination with stakeholders, and tracking of assessment outputs.
• Prepare and maintain governance committee reporting templates, recurring materials, and status updates to support consistent and comparable cyber risk reporting.
• Support the development of reporting content for senior management and governance forums, including cyber risk posture summaries, trends, and emerging themes.
• Coordinate with CSRO, GCRO, ORM, IT, and other stakeholders to help ensure consistent interpretation and application of cyber risk governance standards.
• Support alignment to applicable regulatory and industry cyber risk management expectations (e.g., NIST CSF, CRI Profile, or equivalent) through documentation, evidence preparation, and control mapping support.
• Partner across the Cyber Security Risk Office and first-line teams to support integrated governance, treatment, risk analytics, and reporting activities.
• Maintain traceability and auditability of governance outputs by organizing documentation, evidence, approvals, and decision records in line with internal audit and regulatory expectations.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.