Manager, Cyber Risk & Analysis

Capital One, McLean, VA
Onsite

About The Position

This role sits at the intersection of cybersecurity and privacy in support of the Governance Risk and Compliance International Risk team. The individual will ensure alignment between global regulatory expectations and implemented security controls to support recent mergers and acquisitions. Success hinges on your ability to work independently, navigate ambiguity ("gray areas"), and build enterprise-wide rapport. You will act as a trusted advisor, using your technical expertise to provide sound, experience-based recommendations, and your exceptional influencing and tailored communication skills to drive alignment from hands-on engineers to senior executives. This role is a platform to shape the strategic international cyber risk posture of a major financial institution. The individual hired for this role will be expected to apply expertise on cyber best practices to assess current state, identify gaps, and assess cyber risk, threats, and business impact.

Requirements

  • High School Diploma, GED, or equivalent certification
  • At least 4 years of technical experience in at least two domains of cyber security such as identity and access management and endpoint security.
  • At least 4 years of progressive experience in GRC, compliance, or related legal or regulatory roles, with demonstrated success building or scaling compliance programs.

Nice To Haves

  • Bachelor's Degree
  • 4+ years of experience at a major technology company or financial services; prior compliance work at Visa, Mastercard, American Express or another financial institution
  • Maintain comprehensive understanding of each entity's structure, operations, compliance, and risk posture, anticipating challenges and opportunities while ensuring effective communication and escalation of key issues and mitigating long-term risks
  • Drive initiatives to streamline and enhance governance processes, fostering transparency and accountability within the organization
  • Working knowledge of domestic and international regulatory requirements and laws that govern credit and debit networks
  • 3+ years of experience drafting, tailoring, and communicating complex technical and cyber risk reports to all levels, including senior executives, the Board, and regulatory bodies
  • Demonstrated ability to work independently, manage complex, ambiguous projects, and drive outcomes across enterprise boundaries
  • Hands-on experience applying major security and risk frameworks such as: NIST CSF, NIST 800-53, ISO 27000-1
  • Cybersecurity certifications such as: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); or Certified in Risk and Information Systems Control (CRISC)

Responsibilities

  • Maintain and advance the company’s information security control framework, ensuring proper design, implementation, and ongoing assurance activities.
  • Partner with cross‑functional teams to build, maintain, and monitor compliance across the business.
  • Oversee and direct the organization's GRC initiatives to achieve and maintain compliance with relevant regulations and certifications, including ENS, Lince, the CRA Cybersecurity Resiliency Act, and the EU AI Act, ensuring that all requirements are fully satisfied and sustained.
  • Represent our team in technology councils to ensure an appropriate risk lens is applied to cyber and technology initiatives and strategic programs.
  • Build and maintain relationships with technical leaders, engineers, architects, and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risks are well communicated and understood by the key stakeholders.
  • Understand and assess the inventory of technology and cyber risk management related laws and regulations, as well as industry standards such as the NIST, PCI DSS, CSF and FFIEC guidance, and how they translate into organizational requirements and controls.
  • Perform technology and cybersecurity risk management requirement applicability and impact assessments against business, technology and cyber processes.

Benefits

  • performance based incentive compensation
  • cash bonus(es)
  • long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being