Director, Cyber Policy Modernization & Controls

About The Position

Requirements

• Proven experience in cybersecurity policy management, controls modernization, and regulatory alignment (preferably with CRI, NIST, ISO frameworks).
• Demonstrated leadership in cross-functional project delivery and BAU operations within a complex enterprise environment.
• Strong understanding of engineering controls, enterprise controls taxonomy, and control inventory management.
• Excellent communication, stakeholder management, and governance skills.

Nice To Haves

• Experience with AI-driven tools for control gap analysis and policy modernization is a plus.

Responsibilities

• Lead the end-to-end execution of the Cyber Policy Modernization project, including policy catalogue refresh, control statement standardization, and alignment with industry best practices and regulatory requirements.
• Establish and chair the Cybersecurity Policy Steering Committee for governance, oversight, and decision-making throughout the modernization lifecycle.
• Collaborate with process owners, subject matter experts, and engineering controls teams to identify gaps, baseline existing controls, and implement AI-driven tools for gap analysis and modernization.
• Oversee the development and mapping of control objectives, control statements, and risk statements to ensure clarity, consistency, and traceability.
• Drive the integration of continuous control monitoring, metrics, and reporting into the policy lifecycle.
• Ensure successful transition from project phase to BAU, embedding scalable assurance mechanisms and eliminating redundancies.
• Own and continuously improve the cyber controls framework, maintaining alignment with evolving regulatory, industry, and threat-driven requirements.
• Lead the ongoing governance, refresh, and publication of cybersecurity policies, standards, and procedures according to the established schedule.
• Maintain and enhance the Controls Inventory Master and ensure integration with the Controls Hub and enterprise controls taxonomy.
• Monitor control effectiveness, drive remediation of control gaps, and optimize resource allocation for operational resilience and cost efficiency.
• Oversee the implementation of measurable, business-focused metrics and dashboards for real-time risk and control management.
• Foster a culture of continuous improvement, stakeholder engagement, and cross-functional alignment across engineering, risk, and business units.
• Serve as the primary liaison between cybersecurity, engineering controls, enterprise controls, and business stakeholders.
• Advocate for policy outcomes, monitor implementation, and ensure transparency through regular reporting and communication.
• Coordinate with audit, regulatory, and risk management teams to ensure defensible, scalable, and compliant security posture.

Benefits

• BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy.
• We provide access to flexible global resources and tools for your life’s journey.
• Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.