Director, Enterprise Cybersecurity Risk

About The Position

Requirements

• 8-10 years' experience in information technology risk, cyber security, controls or audit roles.
• Experience in fraud risk frameworks a plus.
• Prior experience in team management and leadership is preferred.
• Bachelor's Degree in Computer Science, Technology, or a related field of study preferred.
• Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred.
• Experience performing Technology risk assessments, Control assessments or IT Audits or implementing Cybersecurity controls for large scale financial service organizations.
• Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.).
• Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS).
• Strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
• Excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management.

Nice To Haves

• Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, HITRUST.
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages.

Responsibilities

• Providing technical direction and professional guidance to technology risk associates that fosters individual growth and development as well as team and organizational deliverables.
• Assessing the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation.
• Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed.
• Conducting in-depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
• Assisting with developing and monitoring controls related to cybersecurity and to meet applicable security, audit, and regulatory requirements.
• Providing technical assistance on risk related systems issues, and serve as a liaison for technology risk management.
• Determining appropriate KPIs/KRIs for IT risk monitoring.
• Understanding and consulting on information security standards and industry best practices.
• Managing IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements.
• Liaising with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.

Benefits

• Comprehensive health care coverage and emotional well-being support.
• Market-leading retirement.
• Generous paid time off and parental leave.
• Charitable giving employee match program.
• Educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career.