Cyber Security Technical GRC – VP

About The Position

Requirements

• 6–10+ years of experience across risk management, cloud information security governance, and/or IT audit; prior a udit experience is a plus.
• Strong understanding of cloud architecture and provider integrations , including how enterprise servers and services interface with cloud providers
• Experience auditing cloud technologies , wearing multiple hats in GRC contexts, writing executive-ready reports , and relaying risk to executives .
• High technical knowledge across cybersecurity domains (IAM, Data Security, Configuration Management, Log Generation, Incident Response, S ecurity risk A ssessment/ T esting M ethodologies, Secure SDLC), with specific experience evaluating the adequacy and efficiency of C loud C ontrols .
• Knowledge of domestic and international banking regulations (e.g., Reg W, Basel II, FFIEC, GDPR ) and experience with enforcement agency oversight activities (e.g., MRAs, consent orders ), especially within systemically important financial institutions.
• Understanding of the regulatory environment and expectations related to technology risk ( OCC , FRB , and Cyber Risk Institute (CRI) ).
• Professional certifications in major cloud providers for security
• Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience

Responsibilities

• Cloud & Cyber Risk Management Drive risk management initiatives for multi cloud environments ; ensure alignment with enterprise security standards and regulatory expectations.
• Understand the technical architecture and operational setup of cloud servers and provider integrations to evaluate exposure, control effectiveness, and residual
• Support internal projects addressing cloud cybersecurity threats; assess the effectiveness and comprehensiveness of first-line cyb ersecurity controls
• Review and challenge risk assessments, scenario analyses, control testing, and remediation plans; assist with issue oversight and escalations.
• Monitor and analyze risk trends (internal and external) to proactively mitigate potential issues impacting cloud security posture.
• Promote actions to address root causes of risks
• Cybersecurity Controls & Reporting Represent EIS GRC in working groups focused on cloud security and multi levels of reporting
• Translate complex cloud and cybersecurity concepts into clear business terms for non-technical stakeholders and senior management across the Combined U.S. Operations.
• Prepare concise, executive-level reports on risk management activities, control outcomes, and emerging issues for senior leadership.
• Cyber Risk Quantification Collaborate on initiatives that strengthen the enterprise cybersecurity program; ensure projects align with the cloud security governance model.
• Regularly review and update risk frameworks to reflect changes in the cloud threat landscape , including Oracle-specific risks.
• Lead discussions at all levels to incorporate cloud security risk elements into business strategies and decision-making.
• Guidelines of business through cloud security assessments, translating technical/security questions into business impact and prioritization .
• Auditing & Compliance Conduct and/or oversee audits and other assessments of cloud technologies and on-prem technologies , ensuring effectiveness, sustainability, and maturity con trols.
• Ensure adherence to regulatory requirements and internal policies, including coordination on remediation of identified gaps.
• Support oversight activities related to enforcement agencies, regulatory examinations, and related obligations.
• Emerging Security Trends Stay current with multiple Cloud platforms for best practices , emerging technologies, and regulatory changes impacting cloud environments.
• Leverage insights to enhance the security posture and influence strategic roadmaps across business and technology teams.
• KRIs & Metrics Influence comprehensive and consistent practices to identify , measure, monitor, report, and manage information risks.
• Ensure metric quality and relevance (e.g., control efficacy, incident trends, misconfiguration rates, vulnerability aging, and remediation timeliness).