Cybersecurity Governance Manager

OneMain Financial, Baltimore, MD

About The Position

The Manager of Cybersecurity Governance will lead the development of a comprehensive technology and cybersecurity governance framework for both on-premise and cloud environments. This role is crucial for ensuring the company's technology and cybersecurity practices comply with regulatory requirements and industry standards, while also effectively identifying risks. The ideal candidate will be motivated, detail-oriented, collaborative, adaptive, willing to drive change and innovation, and capable of working in a fast-paced environment with strong organizational and prioritization skills.

Requirements

  • Bachelor's Degree with a focus in Cybersecurity, Information Technology disciplines or equivalent experience.
  • Minimum of 5 - 7 years of experience in planning, designing, implementing and managing technology and cybersecurity governance and controls frameworks in the financial industry or another regulated industry.
  • Minimum 3 - 5 years in a leadership role with a strong ability to influence peers, leaders and team members at all levels and across functional lines.
  • In-depth knowledge of cybersecurity frameworks, such as NIST, SOC2, and CIS.
  • In-depth knowledge of cybersecurity laws and regulations, industry standards and best practices including GLBA 501(b), NYDFS and PCI.
  • Excellent verbal and written communication and presentation skills with the ability to prepare and deliver complex data in a way that is concise and understandable.
  • Strong organizational and program management skills.
  • Ability to effectively respond to shifting priorities and assignments.
  • Sound analytical, problem solving and research skills.
  • Proficiency in the Microsoft Office suite (Word, Excel, and PowerPoint).
  • Self-motivation with proven ability to be adaptable to a dynamic, fast-paced work environment with multiple priorities and strict timelines.

Nice To Haves

  • Familiarity with GRC, metrics, and reporting tools like Archer, Anecdotes, Power BI, or equivalent software is a plus.

Responsibilities

  • Establish and maintain a security governance framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework to ensure effective oversight and accountability.
  • Oversee the technology and cybersecurity policy program, which includes policy and control drafting, facilitating cross-functional input, and enforcement of policies, procedures, and controls.
  • Maintain the company’s technology and cybersecurity risk and controls matrix in alignment with multiple frameworks, including SOC2, CIS, PCI, NIST CSF, NIST 800-53, and NYDFS Part 500.
  • Lead the annual enterprise technology and cybersecurity risk assessment.
  • Establish an automated technology and cyber governance risk and compliance (GRC) program to continuously monitor and report on technology and cyber risk and control effectiveness.
  • Lead the company’s annual NYDFS Part 500 Cybersecurity self-assessment.
  • Oversee and facilitate the annual SOC2 audit and any exams and assessments focused on technology and cybersecurity controls from state examiners, regulators, and OneMain partners.
  • Educate, influence and provide clear directives for technology projects, either directly or through committees, to ensure the consistent application of policies, standards and controls across all technology projects, systems and services.
  • Partner and coordinate with the enterprise risk management team, internal audit, and other functions within the cyber risk team to ensure appropriate oversight and management of cyber risks and controls in line with OneMain’s enterprise risk management framework.
  • Partner with cybersecurity architects, engineers, and technology operations teams to ensure governance programs for access privileges, applications, cloud environments, asset management, artificial intelligence, and other technology functions are implemented and maintained according to cybersecurity standards and guidelines.
  • Lead a metrics and reporting program to measure the efficiency and effectiveness of the cybersecurity program for senior management, providing insights, trends and recommendations.