About The Position

The Director of Cyber Risk, Governance & Compliance Technology is generally autonomous in their oversight and active management for a Technology program and/or practice area and most often reports directly to a Senior Director or Vice President.

Essential Job Functions: Has hands-on experience with federal government leadership in cyber security and enterprise risk. As a director in Cyber Governance and Risk, you will drive efforts that align with Cyber’s strategy for high priority projects for the company. You will develop and lead innovative, data-driven approaches to strengthening security posture and will drive effective cybersecurity risk management and due diligence approaches while supporting business imperatives. Manage and grow a dynamic team of people in the cybersecurity and risk domains. Establish relationships with information security and risk management teams, becoming a trusted adviser for cybersecurity risk, control and reporting challenges. Maintain a comprehensive understanding of the firm's information security processes and controls, and consult process owners as new initiatives, risks, threats, control activities, and issues emerge. Align and implement enterprise cybersecurity requirements for the division by working with Enterprise Ops & Tech, and business stakeholders to analyze changes, assess impact, refine implementation approach, and establish compliance reporting. Lead engagements and presentations on top risks, trends and internal controls for senior department/divisional leadership, risk oversight, and cross-business consumption. Demonstrate compliance with the following frameworks: NIST FISMA/FedRAMP, NIST CSF, CJIS, RegSCI and PCI-DSS.

Directly manage and/or influence separate teams focused on delivering high quality results within one or more major technology disciplines: strategy, software development, operations, engineering, development services, information security, and compliance. Focus on coordination with internal and external partners to deliver methods, procedures, practices, documents and results to increase reliability and usability of technology while optimizing costs and return on investment. Deliver results based upon FINRA annual goals, department goals and management requests. Direct and coordinate organization's financial and budget activities to fund operations, maximize investments, and increase efficiency for a program, project and/or practice area. Provide leadership in technology best practices. Analyze information and evaluate results to choose the best solutions and solve problems. Support the evaluation of new technologies, techniques, and tools. Report status and issues to senior Technology management team. Work directly with outside vendors to negotiate services and product agreements. Serve as backup to more senior level management as needed. Develop constructive and cooperative working relationships with peers both within and outside of Technology, and maintain them over time. Contribute to the establishment, evolution and continued compliance with standard practices and processes within the disciplines. Assist with adherence to technology policies and comply with all security controls. Ensure all work products meet/exceed FINRA standards and risks are effectively managed. Participate in periodic Disaster Recovery (DR), Business Continuity Planning (BCP) and Sarbanes Oxley (SOX) testing and reporting.

Resource Management: Identify and hire resource/skills needed within their organization. Responsible for staff performance management and training. Coordinate assignment of subordinate staff.

Demonstration of FINRA’s values. Collaboration, both in-person and virtually, in furtherance of FINRA’s mission of investor protection and market integrity.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems or related discipline with at least ten (10) years of related experience, or equivalent training and / or work experience
  • Minimum of 5 years of technical project, program and / or practice area oversight.
  • Past experience influencing decisions and building consensus across internal and external partners.
  • Knowledge of business, technology and management principles involved in strategic planning, organizational change management, resource allocation, human resources modeling, leadership technique, and coordination of people and resources.
  • Experience must include direct experience in one of the following areas: strategy, software development, operations, engineering, development services, information security, and / or compliance.
  • Extensive knowledge of industry leading technology best practices including familiarity with technology methodologies including at least one of ISO-9000, ITIL, Agile and iterative.
  • Excellent written and verbal technical communication skills.
  • Demonstrated ability to develop effective working relationships and leverage those relationships to improve the quality of work products.
  • Must be able to identify, evaluate and recommend processes, tools, technologies and / or products to meet business and budgetary requirements.
  • Should be well organized, thorough, and able to handle competing priorities.
  • Ability to maintain focus and develop proficiency in new skills rapidly.
  • Ability to work in a fast-paced environment.

Nice To Haves

  • Master’s degree and past Financial Services industry experience preferred.

Responsibilities

  • Drive efforts that align with Cyber’s strategy for high priority projects for the company.
  • Develop and lead innovative, data-driven approaches to strengthening security posture
  • Drive effective cybersecurity risk management and due diligence approaches while supporting business imperatives
  • Manage and grow a dynamic team of people in the cybersecurity and risk domains
  • Establish relationships with information security and risk management teams, becoming a trusted adviser for cybersecurity risk, control and reporting challenges
  • Maintain a comprehensive understanding of the firm's information security processes and controls, and consult process owners as new initiatives, risks, threats, control activities, and issues emerge
  • Align and implement enterprise cybersecurity requirements for the division by working with Enterprise Ops & Tech, and business stakeholders to analyze changes, assess impact, refine implementation approach, and establish compliance reporting
  • Lead engagements and presentations on top risks, trends and internal controls for senior department/divisional leadership, risk oversight, and cross-business consumption
  • Demonstrate compliance with the following frameworks: NIST FISMA/FedRAMP, NIST CSF, CJIS, RegSCI and PCI-DSS
  • Directly manage and/or influence separate teams focused on delivering high quality results within one or more major technology disciplines: strategy, software development, operations, engineering, development services, information security, and compliance.
  • Focus on coordination with internal and external partners to deliver methods, procedures, practices, documents and results to increase reliability and usability of technology while optimizing costs and return on investment.
  • Deliver results based upon FINRA annual goals, department goals and management requests.
  • Direct and coordinate organization's financial and budget activities to fund operations, maximize investments, and increase efficiency for a program, project and/or practice area.
  • Provide leadership in technology best practices.
  • Analyze information and evaluate results to choose the best solutions and solve problems.
  • Support the evaluation of new technologies, techniques, and tools.
  • Report status and issues to senior Technology management team.
  • Work directly with outside vendors to negotiate services and product agreements
  • Serve as backup to more senior level management as needed.
  • Develop constructive and cooperative working relationships with peers both within and outside of Technology, and maintain them over time.
  • Contribute to the establishment, evolution and continued compliance with standard practices and processes within the disciplines.
  • Assist with adherence to technology policies and comply with all security controls.
  • Ensure all work products meet/exceed FINRA standards and risks are effectively managed.
  • Participate in periodic Disaster Recovery (DR), Business Continuity Planning (BCP) and Sarbanes Oxley (SOX) testing and reporting.
  • Identify and hire resource/skills needed within their organization.
  • Responsible for staff performance management and training.
  • Coordinate assignment of subordinate staff.

Benefits

  • Employees may be eligible for a discretionary bonus in addition to base pay.
  • Non-exempt employees are also eligible for overtime pay in accordance with federal, state, or local law.
  • As part of its dedication to employee wellness, FINRA provides comprehensive health, dental and vision insurance.
  • Additional insurance includes basic life, accidental death and dismemberment, supplemental life, spouse/domestic partner and dependent life, and spouse/domestic partner and dependent accidental death and dismemberment, short- and long-term disability, long-term care, business travel accident, disability and legal.
  • FINRA offers immediate participation and vesting in a 401(k) plan with company match and eligibility for participation in an additional FINRA-funded retirement contribution, tuition reimbursement, commuter benefits, and other benefits that support employee wellness, such as adoption assistance, backup family care, surrogacy benefits, employee assistance, and wellness programs.
  • Time Off and Paid Leave: FINRA encourages its employees to focus on their health and wellness in many ways, including through a generous time-off program of 15 days of paid time off, 5 personal days and 9 sick days, unless otherwise required by law (all pro-rated in the first year).
  • Additionally, we are proud to support our communities by providing two volunteer service days (based on full-time schedule).
  • Other paid leave includes military leave, jury duty leave, bereavement leave, voting and election official leave for federal, state or local primary and general elections, care of a family member leave (available after 90 days of employment); and childbirth and parental leave (available after 90 days of employment).
  • Full-time employees receive nine paid holidays.