Head of Cybersecurity Governance

About The Position

Requirements

• 10+ years of experience in cybersecurity, governance, risk, or compliance roles, with increasing leadership responsibility.
• Proven experience building and running cybersecurity governance, policy, and awareness programs in a regulated environment.
• Strong understanding of cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, NYDFS, GLBA, SEC).
• Demonstrated ability to partner effectively with Legal, Compliance, Privacy, IT, and business teams.
• Experience leading and developing teams and managing complex, cross‑functional initiatives.
• Exceptional written and verbal communication skills, with the ability to influence at senior and executive levels.

Responsibilities

• Own the cybersecurity governance framework, ensuring alignment with enterprise risk management, business objectives, and regulatory requirements.
• Lead the creation, maintenance, and periodic review of all cybersecurity policies, standards, procedures, and guidelines.
• Establish and manage a formal policy lifecycle process, including approvals, exceptions, waivers, and annual reviews.
• Ensure policies are practical, enforceable, and clearly mapped to security controls and regulatory obligations.
• Partner closely with Cybersecurity Engineering, Operations, and Risk Management teams to ensure governance is aligned with real‑world controls and practices.
• Design, implement, and continuously improve the enterprise cybersecurity awareness and training program.
• Own mandatory security training, phishing simulations, role‑based training, and executive‑level awareness initiatives.
• Measure training effectiveness through metrics, trends, and risk‑based outcomes.
• Promote a strong security culture across the organization, balancing education, accountability, and business enablement.
• Partner with Legal, Privacy, Compliance, and Risk teams to design and operate a cohesive cybersecurity regulatory compliance program.
• Interpret and operationalize cybersecurity‑related laws, regulations, and standards (e.g., NYDFS, GLBA, SEC, GDPR/CCPA, ISO, NIST).
• Maintain regulatory mappings between requirements, policies, controls, and evidence.
• Support regulatory exams, audits, client due diligence, and third‑party assessments related to cybersecurity governance.
• Monitor emerging cyber regulations and assess their impact on the organization.
• Act as the primary cybersecurity governance partner for IT, Legal, Compliance, Privacy, HR, and business leaders.
• Translate regulatory and policy requirements into actionable guidance for technical and non‑technical teams.
• Provide clear, executive‑ready reporting on governance posture, compliance status, and key risk themes.
• Support board‑level and executive governance forums with clear, concise insights.
• Build, lead, and mentor a cybersecurity governance team, including policy, training, and compliance specialists.
• Define team structure, roles, career paths, and performance expectations.
• Establish scalable processes, tooling, and metrics to support governance operations.
• Drive continuous improvement through automation, standardization, and data‑driven decision‑making.

Benefits

• medical
• dental
• vision
• life insurance
• 401(k)