Endpoint Security Risk & Compliance Lead

About The Position

Requirements

• Excellent leadership and collaboration skills: The ability to collaborate with various stakeholders, including endpoint security teams, IT operations, and risk partners, is crucial for success in this role.
• The candidate must understand, speak, and write in both technical and simplified language, translating technical concepts between various audiences and partner teams including communications to auditor or regulator audiences.
• Audit and regulatory compliance expertise: Experience with audit and regulatory engagements, including knowledge of relevant laws, regulations, and industry standards (e.g., NIST, SWIFT, PCI-DSS, GDPR), is essential for this position.
• Strong understanding of security risk management frameworks: The ideal candidate should have in-depth knowledge of security best practices, risk management principles, and industry-recognized security frameworks.
• Experience with reporting and metrics ownership: The ability to develop and maintain meaningful reports and metrics to measure endpoint security governance and compliance is critical for this role.

Nice To Haves

• Certifications in information security (e.g., CISSP, CCSP, CRISC, CIAM, ITIL)
• Previous work experience within the Finance or Insurance sector or other large enterprise industry
• Understanding of security technologies such as anti-virus, data monitoring and protection, cryptography, identity and access management, and vulnerability scanning technologies
• Knowledge of enterprise environments including IT ecosystems, software networks, traditional on-premise infrastructure and cloud platforms (AWS, Azure, GCP)
• Experience with agile methodologies and tools, such as Jira or Azure DevOps, for backlog management and sprint planning

Responsibilities

• Stakeholder Collaboration: Work closely with endpoint security teams, IT operations, and risk partners to understand security controls and processes and manage risks.
• Audit & Regulatory Engagement Leadership: Champion audit, regulatory, and key control engagements with support from technical teams to drive accurate and meaningful responses for evaluators while also identifying areas for learning and improvement.
• Risk Management: Own primary accountability for endpoint security risk management across endpoint security products. Capturing risks, tracking risks through their lifecycle, and supporting technical teams driving towards remediation.
• Reporting & Remediation: Drive the development, distribution, and maintenance of meaningful reporting for key governance and compliance metrics relating to endpoint security (e.g., patching, certificate management, and password rotations.).
• Supplier Management Governance: Manage regular reviews of endpoint security technology solutions relating to supplier and data risk, model risk, and exit strategies.

Benefits

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.
• Leaders who support your development through coaching and managing opportunities.
• Ability to make a difference and lasting impact.
• Work in a dynamic, collaborative, progressive, and high-performing team.
• A world-class training program in financial services.
• Opportunities to do challenging work.