Cybersecurity Regulatory Program Manager

About The Position

Requirements

• Demonstrated program management capability with end‑to‑end ownership of time‑bound, non‑discretionary regulatory deliverables (e.g., CRI Profile assessments, GLBA reporting, NYDFS cybersecurity attestation), including planning, execution, quality control, and submission readiness
• Proven ability to design, document, and sustain repeatable, auditable operating models, including processes, procedures, templates, guidance, training materials, trackers, and evidence repositories
• Strong analytical skills to interpret cybersecurity risk and control metrics (KPI / KRI / KCI), identify data discrepancies, perform root‑cause analysis, and drive remediation to closure
• Excellent stakeholder management skills with the ability to coordinate across 1LOD, 2LOD, CCO, Technology, Group Cybersecurity teams, control owners, and non‑US ITSO teams to deliver outcomes on schedule
• Bachelor’s degree in a relevant discipline (e.g., IT, Risk, Cybersecurity) or equivalent practical experience
• Strong program management experience with end‑to‑end ownership of regulatory deliverables, including FFIEC CAT / CRI Profile‑type assessments and GLBA reporting
• Prior experience engaging with US Financial Services regulators (e.g., OCC, FRB); regulatory liaison experience preferred
• Solid understanding of US Financial Services regulatory requirements
• Comprehensive knowledge of banking and cybersecurity, aligned with broader industry trends and direction

Nice To Haves

• Industry certifications such as CISSP, CISA, or CISM preferred

Responsibilities

• Support regulatory engagements and examinations by coordinating responses, gathering evidence, and ensuring accuracy and completeness for regulators and senior leadership
• Build and maintain auditable ways of working, including standardized templates, guidance, training materials, trackers, and centralized evidence repositories
• Produce clear, well-supported reporting and briefing materials for senior management, the Board of Directors, and regulators on cybersecurity risk and compliance status
• Review cybersecurity risk and control metrics, identify data issues, drive root-cause analysis, and track remediation actions through closure
• Prepare materials and manage action tracking for recurring regulatory governance routines, including meeting packs, follow-ups, and escalation of risks and dependencies
• Manage the annual NYDFS cybersecurity attestation process, including evidence coordination and leadership briefing materials to support confident sign-off
• Drive remediation governance for US cybersecurity control gaps, obtaining remediation plans from control owners and tracking progress to closure
• Provide governance oversight for the US cyber service sustainability forum, escalating non-compliance and highlighting funding risks impacting service sustainability
• Represent US cybersecurity in application security governance forums and act as a point of contact for issue resolution and follow-through
• Lead through influence across cybersecurity, technology risk, and controls teams to meet fixed regulatory deadlines.

Benefits

• Paid time off based on employee grade (A-F), defined by policy: Vacation: 12-25 days, depending on grade, Company paid holidays, Personal Days, Sick Leave
• Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
• Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
• Life and disability insurance
• Employee assistance programs
• Other benefits as provided by local policy and eligibility