Head of IT and Cyber Risk

Guardian Life Insurance, New York, NY
1d

About The Position

Reporting to the Head of Operational Risk, the Head of IT & Cyber Risk provides strategic leadership for designing, implementing, and continuously enhancing second line technology and cyber risk frameworks. You will ensure the organization proactively identifies, assesses, and manages technology and cybersecurity risks, working with stakeholders to embed resiliency and robust risk practices into business operations. You will lead a specialized risk team focused on risk assessment, technology resiliency initiatives, and ongoing improvement of risk methodologies.

You Will

  • Lead and oversee comprehensive IT and cyber risk assessments aligned to industry frameworks (e.g., National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO)) to identify, evaluate, and prioritize risk exposures across the enterprise, including ownership of the annual NYDFS Cybersecurity Risk Assessment process, with proper documentation and reporting.
  • Drive execution and oversight of technology resiliency initiatives, including development and regular testing of business continuity and disaster recovery plans.
  • Collaborate with 1st and 3rd lines of defense to oversee the completion of control testing, log findings, and integrate results into risk assessments and dashboards.
  • Partner with auditors to support SOC attestation and remediation.
  • Champion integration of risk management processes and reporting within ServiceNow (SN), ensuring seamless connectivity, process automation, and unified oversight across platforms.
  • Develop, maintain, and present dashboards and key metrics to senior stakeholders, providing visibility into the risk landscape, control effectiveness, and program performance, enabling data-driven decision making.
  • Own and maintain the IT Risk Register, facilitate root cause analysis and lessons learned, and oversee remediation activities to continuously strengthen the control environment.
  • Partner with the third-party risk and business risk & resiliency teams to ensure comprehensive IT and cyber risk assessments are performed and remediation efforts are implemented.

You Are

  • Driven to accelerate impact and lead change
  • Exceptional communicator across multiple levels of an organization, able to drive outcomes through others
  • Flexible and resourceful in managing multiple priorities

You Have

  • 10+ years of experience in cybersecurity, IT, or information security, with at least 5 years in a risk management or leadership role.
  • Deep knowledge of risk management frameworks (NIST, ISO, COBIT), incident response, control design, and regulatory compliance is required.
  • Certifications preferred (ISM, CISSP, or similar)

Reporting relationships

This position reports to the Head of Operational Risk, who reports to our Chief Risk Officer within Enterprise Risk Management.

Requirements

  • 10+ years of experience in cybersecurity, IT, or information security, with at least 5 years in a risk management or leadership role.
  • Deep knowledge of risk management frameworks (NIST, ISO, COBIT), incident response, control design, and regulatory compliance is required.
  • Exceptional communicator across multiple levels of an organization, able to drive outcomes through others
  • Flexible and resourceful in managing multiple priorities
  • Driven to accelerate impact and lead change

Nice To Haves

  • Certifications preferred (ISM, CISSP, or similar)

Responsibilities

  • Lead and oversee comprehensive IT and cyber risk assessments aligned to industry frameworks (e.g., National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO)) to identify, evaluate, and prioritize risk exposures across the enterprise, including ownership of the annual NYDFS Cybersecurity Risk Assessment process, with proper documentation and reporting.
  • Drive execution and oversight of technology resiliency initiatives, including development and regular testing of business continuity and disaster recovery plans.
  • Collaborate with 1st and 3rd lines of defense to oversee the completion of control testing, log findings, and integrate results into risk assessments and dashboards.
  • Partner with auditors to support SOC attestation and remediation.
  • Champion integration of risk management processes and reporting within ServiceNow (SN), ensuring seamless connectivity, process automation, and unified oversight across platforms.
  • Develop, maintain, and present dashboards and key metrics to senior stakeholders, providing visibility into the risk landscape, control effectiveness, and program performance, enabling data-driven decision making.
  • Own and maintain the IT Risk Register, facilitate root cause analysis and lessons learned, and oversee remediation activities to continuously strengthen the control environment.
  • Partner with the third-party risk and business risk & resiliency teams to ensure comprehensive IT and cyber risk assessments are performed and remediation efforts are implemented.

Benefits

  • At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals.
  • Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.
  • As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees
