Director, Cyber Security Testing & Assurance

Citizens Bank•Iselin, NJ

8h•Hybrid

About The Position

We are seeking a highly experienced security leader to build and lead our Cyber Security Testing and Assurance organization. This role will have enterprise-wide responsibility for network penetration testing, red teaming, continuous control testing, cyber exercises, simulations, and assurance programs. The Lead Director will define strategy, manage execution, and ensure that testing and assurance activities provide actionable insights that strengthen the organization’s security posture and resilience. Reporting directly to senior leadership, this leader will partner with technology, risk, compliance, and business stakeholders to validate controls, identify gaps, and provide assurance that security investments are effective against real-world threats. Location: Candidates must be based in or willing to commute to one of the following hub locations with a hybrid schedule of four days onsite and one day remote per week: Johnston, RI – One Citizens Bank Way Pittsburgh, PA – 444 Liberty Ave Westwood, MA – 200 Station Drive Iselin, NJ – 101 Wood Avenue South Boston, MA – 28 State Street

Requirements

12+ years of progressive experience in cybersecurity, with at least 5+ years in testing, assurance, or offensive security leadership roles.
Proven experience leading large-scale penetration testing, red team operations, or cyber assurance programs.
Deep knowledge of security frameworks (NIST CSF, MITRE ATT&CK, CIS, ISO 27001) and regulatory expectations (PCI DSS, SOX, FFIEC, etc.).
Familiarity with tools and techniques for red teaming, pen testing, and control validation (e.g., Burp Suite, Cobalt Strike, Metasploit, Qualys, Tenable, or similar).
Strong track record of partnering with senior stakeholders, translating technical risks into business impacts.
Bachelor’s degree in Computer Science, Information Security, or related field (Master’s or certifications such as CISSP, OSCP, GPEN, GXPN, CISM, or CRISC preferred).

Responsibilities

Define and execute the vision and strategy for Cyber Security Testing and Assurance.
Establish program governance, KPIs, and reporting to senior executives and the Board.
Align testing and assurance activities with enterprise risk appetite and regulatory requirements.
Lead internal and external penetration testing programs, ensuring full coverage of enterprise assets.
Oversee red team operations to simulate real-world adversaries and advanced persistent threats.
Translate findings into prioritized, actionable remediation plans.
Develop and manage continuous testing of technical and process-level controls across cyber domains.
Validate control effectiveness against frameworks such as NIST CSF, CIS, ISO, and FFIEC.
Deliver executive-level assurance reporting to demonstrate security maturity and control effectiveness.
Design and lead tabletop exercises, purple team engagements, and large-scale simulations.
Partner with incident response, business continuity, and risk teams to test preparedness and response capabilities.
Drive lessons-learned programs to enhance resilience and reduce response times.
Build and lead a high-performing team of penetration testers, red teamers, control testers, and assurance specialists.
Influence senior technology and business leaders to close gaps and strengthen controls.
Act as a trusted advisor to executives on threat readiness, resilience, and security assurance.