Director of Cybersecurity Governance, Risk & Compliance

About The Position

Requirements

• Demonstrated ability to operationalize the FFIEC IT Examination Handbooks, NIST CSF, and the CRI Profile into practical, auditable controls and testing procedures.
• Proven experience owning or leading Third Party Risk Management, control frameworks, and/or Business Continuity Management programs in a regulated environment.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management, auditors, regulators, and fintech partners.
• Bias for automation and measurable outcomes.
• Comfortable in fast-moving, high-accountability settings.
• 10+ years in Cybersecurity Risk, Governance, Compliance, Security Operations, and/or risk engineering. Experience in regulated industries, especially financial services, strongly preferred.
• 3+ years managing a Cybersecurity Risk, Governance, and Compliance team.
• Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or related field; equivalent experience considered.

Nice To Haves

• Certifications preferred: CRISC, CISA, CISSP, CISM, CCSK/CCSP, AZ-500 (or comparable).

Responsibilities

• Lead the Security GRC team responsible for Third Party Risk Management, control governance and testing, Business Continuity Management, and access governance.
• Set the vision, roadmap, and priorities for the Security Program in partnership with the CISO, other Security & IT functions, and Enterprise Risk Management.
• Mentor and develop team members. Define clear goals, performance expectations, and development plans.
• Act as a key advisor to security and business leadership on cyber and technology risk posture, tradeoffs, and remediation priorities.
• Own the Security Program and ensure that regulatory, contractual, and internal security requirements are satisfied across the enterprise and BaaS/fintech ecosystem.
• Define and maintain the enterprise control baseline mapped to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, aligning with GLBA, SOX, and PCI-DSS where applicable.
• Author and approve control narratives, RACI, evidence requirements, testing procedures, and control objectives. Author and maintain cybersecurity governance documents, such as policies and standards.
• Work with technical control owners to implement processes and automations aligned to written controls, policies, and standards.
• Champion “policy as code” and guardrails (e.g., identity, configuration, network segmentation, logging/monitoring) in partnership with Security Engineering and IT.
• Oversee targeted cyber/IT risk assessments for technology changes, third parties, products, and fintech programs and ensure clear articulation of inherent and residual risk.
• Maintain a centralized log of issues, control gaps, and remediation plans; ensure sustainable fixes and prevent recurrences by updating baselines, standards, and automation.
• Partner with Enterprise Risk Management on risk acceptance, watch lists, and aggregation of security risks into enterprise risk reporting.
• Own the design and execution of access certification campaigns across key systems and applications (e.g., core banking, identity platforms, cloud, fintech partner integrations).
• Own the Third Party Risk Management (TPRM) program for vendors who provide services to the Bank.
• Define and maintain risk-based onboarding, due diligence, and ongoing monitoring processes for third parties.
• Lead cybersecurity reviews of fintech partners, including evaluation of controls, data flows, architecture, and shared-responsibility models.
• Partner with Procurement, Legal, and Business Lines to ensure contracts and SLAs reflect appropriate security, privacy, and resilience requirements.
• Track remediation of vendor and fintech security issues and report status and residual risk to stakeholders and governance committees.
• Own the Business Continuity Management Program execution for the Bank in coordination with key stakeholders. Ensure business impact analyses (BIA), recovery strategies, plans, and playbooks are defined, maintained, and tested for critical business processes and supporting technologies.
• Plan and coordinate BCP/DR exercises, including lessons-learned reviews and remediation tracking.
• Provide reporting on resilience posture, RTO/RPO alignment, and program maturity to senior management and risk committees.
• Lead preparation and responses for Internal Audit activities, regulatory examinations, independent audits, and customer/partner due diligence related to security, IT, and BCM.
• Produce concise, defensible narratives, control maps, and evidence packages. Coordinate requests and brief stakeholders before and during exams.
• Track and oversee remediation of exam and audit findings and report progress to management and risk committees.
• Publish program health dashboards, KRIs/KPIs, and control maturity assessments to Enterprise Risk Management, management, and risk committees.
• Coach control owners on expectations, testing methods, evidence hygiene, and automation opportunities.
• Promote a culture of control excellence, continuous improvement, and proactive risk management across the Bank.

Benefits

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term /Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.