Lead – Cyber Risk & Control Monitoring

Guardian Life Insurance
New York, NY
$118,980 - $195,465
Hybrid

About The Position

As the Lead, Cybersecurity Continuous Control Monitoring (CCM), you will help oversee the operating model and day-to-day execution of the organization’s Information Security continuous control monitoring program. You will partner across Information Security, Technology, Risk Management, and Internal Audit to define control design and objectives, instrument and automate control monitoring where feasible, evaluate control performance through data-driven testing, and drive timely remediation of control gaps. This role serves as a central point of coordination across Information Security, Risk Management, Internal Audit, Legal, Privacy, and Technology teams—establishing governance routines, reporting, and accountability to continuously improve the security control environment, reduce risk exposure, and maintain alignment with regulatory expectations and internal standards.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
  • 7+ years of experience in information security, IT risk, technology audit, compliance, GRC, or control testing/assurance functions
  • Demonstrated experience leading audit, risk, or assurance activities—including evidence strategy, walkthroughs, testing, and issue remediation
  • Strong stakeholder management and executive communication skills; ability to translate technical control results into business risk
  • Experience defining control objectives, designing testing approaches (manual and automated), and identifying corrective actions that address root cause
  • Working knowledge of security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS 500, etc.) and experience mapping controls across frameworks
  • Experience producing executive-ready artifacts (dashboards, risk narratives, committee materials, audit packages) and facilitating governance forums
  • Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls
  • Hands-on experience with GRC and control/issue management workflows (e.g., ServiceNow) and building repeatable evidence processes
  • Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns
  • Must be legally authorized to work in the United States, without the need for employer sponsorship.

Nice To Haves

  • Understanding of AI/ML security and governance considerations (e.g., data protection, model risk, third-party AI, secure use/monitoring) is a plus
  • Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP)

Responsibilities

  • Help lead the design, execution, and continuous improvement of the information security continuous control monitoring (CCM) program
  • Maintain a prioritized control inventory and define control objectives, owners, evidence sources, testing frequency, and monitoring methods
  • Define and monitor KPIs/KRIs and produce recurring dashboards for leadership (control health, exceptions, overdue actions, and risk trends)
  • Oversee control testing and monitoring cycles (manual and automated), including data quality checks, sampling standards, and alignment to internal frameworks
  • Partner with control owners to instrument monitoring, reduce manual evidence collection, and improve control reliability through automation
  • Establish an intake and triage process for control exceptions, audit findings, and emerging risks to ensure consistent severity, ownership, and due dates
  • Lead coordination of internal audits, external audits, and third-party assessments, including scoping, evidence planning, walkthroughs, and stakeholder alignment
  • Oversee responses to audit requests and findings, ensuring accuracy, consistency, and traceability to control design and operation
  • Drive ongoing readiness for recurring assessments (e.g., SOC 2, internal audits, etc.) through continuous evidence and control health reporting
  • Establish and enforce an issue management lifecycle for findings/control gaps (intake, risk rating, action plans, due dates, status reporting, closure criteria)
  • Challenge and validate remediation plans to ensure root-cause correction, appropriate compensating controls, and measurable risk reduction
  • Escalate overdue, high-severity, or systemic issues through established governance forums and senior leadership reporting
  • Validate remediation effectiveness through follow-up testing and define clear closure criteria to prevent recurrence
  • Develop executive-level reporting on control effectiveness, audit status, and remediation progress
  • Partner with: Security Engineering & Operations, Enterprise Risk Management, Internal Audit, Privacy & Legal
  • Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through

Benefits

  • Skill-building
  • Leadership development
  • Philanthropic opportunities
  • Supportive, flexible, and inclusive benefits and resources