Cybersecurity & Technology Risk Officer

About The Position

Requirements

• 10+ years of progressive experience in Information Security, Cyber Risk, or Technology Risk roles
• 5+ years in the financial services or banking industry with working knowledge of relevant regulations (e.g., GLBA, FFIEC, PCI, SOX)
• Proven experience influencing executive leadership and communicating complex technical risks in business terms
• Demonstrated success in leading cross-functional teams and delivering cybersecurity solutions at scale
• Experience with cybersecurity governance frameworks (e.g., NIST CSF, ISO/IEC 27001) and enterprise risk management practices
• Strong business acumen and the ability to apply risk-based thinking to diverse technical environments
• Excellent interpersonal and communication skills with executive presence
• Adept at balancing business objectives with security imperatives
• Ability to operate with a sense of urgency in high-stakes, highly regulated environments
• Strategic mindset with the ability to execute operationally

Nice To Haves

• CISSP (Certified Information Systems Security Professional); CRISC, CISM, or other risk-related certifications

Responsibilities

• Executive Engagement & Risk Advisory Partner with CIOs, senior leadership, and technology stakeholders to assess and communicate cybersecurity risk in business terms. Influence prioritization of security investments and drive remediation strategies that align with enterprise risk tolerance.
• Cybersecurity Consulting & Enablement Serve as the primary cybersecurity advisor to the business, interpreting enterprise policies, providing actionable guidance, and ensuring business initiatives comply with internal standards and regulatory requirements.
• Risk Identification & Mitigation Identify, assess, and document security risks across products, applications, and third-party relationships. Collaborate with remediation owners to develop and track resolution plans based on risk severity and business impact.
• Metrics & Reporting Deliver executive-level risk dashboards and metrics that provide transparency into the business’s security posture. Ensure timely and meaningful communication of emerging risks and remediation progress.
• Policy & Strategy Alignment Collaborate with the broader Cybersecurity and Risk organizations to ensure security strategies are pragmatic, risk-based, and aligned with both business priorities and technical capabilities.
• Compliance & Awareness Promote awareness of regulatory and industry obligations through targeted training, awareness campaigns, and proactive engagement. Ensure the business maintains readiness for internal audits and external regulatory assessments.
• Security Assessments & Continuous Improvement Ensure security risk and controls assessments are conducted at appropriate intervals and with relevant depth based on evolving threats and business changes. Continuously refine assessment methodologies to improve effectiveness and efficiency.
• Technology Enablement & Governance Guide technology teams in adopting enterprise cybersecurity tools, capabilities, and controls. Assist in prioritizing adoption based on risk impact and business value.
• Threat & Trend Monitoring Stay current with the threat landscape, regulatory developments, and best practices. Apply insights to anticipate future risks and inform business-specific security planning.
• Team & Culture Leadership Foster a security-first mindset across the business. Promote high performance, collaboration, and continuous development within the extended risk and technology teams.