Cybersecurity Risk & Compliance Assessment Lead

About The Position

Requirements

• 7+ years of experience in IT risk, audit, compliance, or control assessment, including at least 3 years of internal or external audit experience leading reviews and managing stakeholders in large financial institutions.
• Proven ability to lead projects and teams, manage multiple assessment reviews, and collaborate effectively across functions in complex environments.
• Exceptional written and verbal communication skills, with the ability to translate complex technical and regulatory information into clear, actionable messaging for diverse audiences including senior leaders, stakeholders, and clients.
• Detail-oriented with strong documentation skills and a demonstrated ability to learn and apply new concepts quickly.
• Skilled in critical thinking, root cause analysis, and structured problem-solving to drive continuous improvement.
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.
• Strong background in information security, IT General Controls, risk and control frameworks, and regulatory compliance, including hands-on experience with SOX, SOC, PCI, and regulatory technology assessments.
• Growth mindset with the ability to drive strategy and execute at scale.

Nice To Haves

• CISA, CIA, CPA, CISSP, or similar industry-recognized risk and risk certifications are preferred.

Responsibilities

• Lead and execute comprehensive, independent evaluations of control and compliance assessments across all phases—planning, execution, and reporting—ensuring accuracy, reliability, consistency, and compliance throughout.
• Operate independently to document assessment results with clear workpapers, findings, improvement opportunities, and remediation actions.
• Oversee and perform testing of GTCA controls and processes, ensuring assessments are based on verified evidence and aligned with assessment methodologies and practices to address all relevant regulatory requirements, risks, and controls.
• Present review progress, key insights, and strategic recommendations to senior leadership and governance committees.
• Proactively identify, manage, and mitigate delivery risks by addressing potential obstacles and implementing contingency strategies to sustain program momentum.
• Foster a culture of continuous improvement and operational excellence, providing training and driving innovation in methodologies and processes.
• Leverage your expertise in assurance and review methodologies to ensure methodological rigor, consistent application of standards, and thorough review and validation of deliverables.
• Review assessments and reports to validate they are completed on schedule, based on verified data, and address relevant regulatory requirements, risks, and controls.
• Evaluate ongoing improvements to processes and tools, and verify that team members are well-trained and knowledgeable about current regulations and assessment practices.
• Ensure assessments are objective, transparent, and ethically conducted, maintaining confidentiality and data privacy, and compliance with all relevant laws, regulations, and internal policies.