Managing Director, Technology Risk Management

About The Position

Requirements

• 12 years minimum of broad cybersecurity expertise, with deep knowledge across infrastructure, cloud, threat management, insider risk, data, and digital assets in a diversified financial services environment of comparable scale and complexity.
• Significant leadership experience in cybersecurity, technology risk, information security, or related second-line risk management roles within a large, regulated financial services institution.
• Demonstrated ability to design, govern, and mature enterprise risk management frameworks, policies, standards, controls, and reporting processes.
• Proven experience providing independent oversight and credible challenge to first-line technology, cybersecurity, cloud, data, and infrastructure teams.
• Deep understanding of regulatory expectations for cybersecurity and technology risk management, including experience engaging with regulators, internal audit, and senior risk committees.
• Experience leading risk assessments, issue management, control evaluations, and remediation oversight across complex technology environments.
• Strong executive presence, with the ability to communicate complex cyber and technology risk issues clearly to senior leadership, boards, regulators, and cross-functional stakeholders.
• Experience building or leading high-performing teams with specialized expertise across cybersecurity, data risk, cloud risk, threat management, and risk analytics.
• Familiarity with emerging technology risk areas, including AI, digital assets, cloud transformation, third-party technology risk, and evolving cyber threat landscapes.

Nice To Haves

• Cybersecurity Certifications Preferred: CISSP, CISM, CRISC, or equivalent

Responsibilities

• Lead an independent, integrated cybersecurity risk management program that assesses, monitors, measures, and reports on technology risks, including threat management, insider risk, vulnerabilities, cloud, data, and digital assets.
• Provide effective challenge and oversight of first-line cybersecurity controls across infrastructure security, cloud strategy, penetration testing, and cyber defense capabilities.
• Oversee data and digital asset risk domains, with clear coverage of confidentiality, integrity, availability, and privacy considerations.
• Establish risk metrics, monitoring, and reporting standards that strengthen issue identification, escalation, remediation, and enterprise accountability.
• Align specialized cybersecurity risk disciplines within a cohesive second-line oversight framework.
• Partner closely with Technology leadership to increase risk awareness, influence strategic direction, and advance the firm’s cybersecurity and data governance posture.
• Engage regularly with senior leaders across Corporate Risk Management, Audit, and regulatory stakeholders, including the Federal Reserve Board.
• Manage cyber risk within appetite by strengthening prevention and detection of security failures, maintaining regulatory and audit readiness, and enabling strategic initiatives such as AI, digital assets, and cloud adoption through disciplined risk governance.
• Improve risk transparency and decision-making through actionable metrics, clear escalation paths, and remediation governance.