Director Cyber and Technology Risk - Cloud, Architecture, Emerging Technologies

About The Position

Requirements

• 7-10 years of experience in cyber and technology security.
• 7-10 years of work experience in a mid-large size organization.
• 3-5 years as a Cloud Security professional.
• 3-5 years of hands-on application development experience.
• Strong knowledge of Cloud platforms and offerings, Cloud Risks, and Cloud application deployments.
• Expertise in Cloud and Blockchain Integration, including API security, data privacy, and hybrid cloud environments.
• Strong understanding of AI, generative AI, and machine learning concepts, including ML/AI model development and risk management best practices.
• Strong knowledge of IT security frameworks, regulations, and industry best practices.
• Proficiency in enterprise technology/security architecture.
• Expertise in blockchain architecture, governance models (e.g., DAOs), and cryptographic principles.
• Knowledge of digital asset custody, tokenized assets, and associated risks.
• Experience in managing a team.
• Bachelor’s Information Security / Information Technology / Computer Science or relevant experience.

Nice To Haves

• Experience within Operational Risk.
• Experience in developing metrics (KRIs or KPIs).
• Experience working with cross-functional teams in agile environments.
• Familiarity with global and local regulations related to digital assets (e.g., AML, KYC, sanctions compliance).
• Knowledge of blockchain-specific attack vectors (e.g., 51% attacks, Sybil attacks, oracle manipulation).
• Certifications: CISSP, CRISC, CCSP, CCSK, AWS Security, Azure Security, CISM, CRISC, Certified Blockchain Security Professional (CBSP), Certified Blockchain Expert (CBE).

Responsibilities

• Champion managing risk rather than risk avoidance by seeking solutions.
• Maintain knowledge of emerging technologies, threats/vulnerabilities, and risk management practices and their implications to the business platform.
• Leverage data-driven insights to provide opinions and challenge on key risk indicators.
• Support the completion of thematic reviews, scenario analysis, external event analysis, new change initiative assessments, and development of risk profiles for senior management, board, and regulators.
• Work closely with the first line to provide effective cyber and technology oversight and challenge on Risk and Control Self-Assessments, Operational Risk Event Reviews, IT Risk Assessments, and Integrated Risk Profiles to validate the business is operating within Risk Appetite.
• Maintain assigned Domain Risk Profiles to provide a strong fact-based opinion on the IT/Cyber Risk profile.
• Provide oversight and effective challenge on AI and generative AI IT/Cyber risks within the 2nd line of defense, including in-depth risk reviews of solutions and approaches being deployed.
• Oversee blockchain-related projects, ensuring alignment with regulatory and internal risk requirements.
• Monitor emerging blockchain threats and vulnerabilities, providing actionable insights to stakeholders.
• Develop and maintain key internal and external relationships to provide advice and oversight on standard compliance, support operational risk program adherence, and effective incident reporting.
• Support IT/Cyber-related regulatory examinations, requests, assessments, and reporting.
• Recommend changes to IT/Cyber policies and standards to maintain currency and relevance to Cloud, AI, emerging technologies, and blockchain-enabled platforms.
• Proactively manage complex and sometimes competing relationships with key local, regional, and global stakeholders.

Benefits

• bonuses
• flexible benefits