Risk Partner Senior Manager - Technology & Cybersecurity

About The Position

Requirements

• 10+ years of experience in cybersecurity, technology risk, operational risk, or related disciplines within a large, complex organization.
• Demonstrated deep cybersecurity expertise equivalent to a Business Information Security Officer, Security Risk Lead, or similar senior cyber risk role.
• Proven experience operating in or alongside a second line of defense function within a Three or Four Lines of Defense model.
• Ability to engage credibly with senior engineers, architects, and security teams while maintaining independence from first‑line delivery ownership.
• Strong executive communication skills with the ability to translate technical risk into business impact.

Nice To Haves

• Experience in highly regulated environments and familiarity with regulatory expectations impacting technology and cybersecurity risk.
• Experience with operational resilience, third‑party risk, or enterprise risk management functions.
• Relevant professional certifications (e.g., CISSP, CISM, CRISC, or equivalent).

Responsibilities

• Serve as the primary risk partner and advisor to senior business and technology leaders for Enterprise Shared Services Technology (ATS) and the supported shared services functions (Human Resources, Legal, Finance, and Law & Regulation) providing an integrated view of operational risk across cybersecurity, technology, resilience, third‑party, and compliance domains.
• Develop and maintain a consolidated risk profile that connects disparate risk signals into a coherent, decision‑enabling narrative for leadership and governance forums.
• Influence strategy, investment decisions, and delivery roadmaps by ensuring risk considerations are identified early and aligned with enterprise risk tolerance.
• Provide cybersecurity risk leadership for enterprise platforms supporting shared services, including risks related to sensitive employee data, financial systems, legal information, regulatory data, and privileged access.
• Maintain hands‑on cybersecurity expertise and serve as the primary cybersecurity risk authority for the supported business and technology domain.
• Lead high-impact cyber risk discussions with technology teams and ensure informed stakeholder risk acceptance decisions.
• Translate high-severity cybersecurity findings (e.g., vulnerabilities, control deficiencies, incident learnings) into clear business impact, tradeoffs, and risk posture for senior leaders.
• Function as the second line risk advisor during significant cyber incidents or supplier events, assessing business and customer impact and overseeing remediation and risk decisions.
• Operate as a second line of defense function, providing independent oversight, challenge, and guidance to first line teams without owning controls or delivery execution.
• Apply enterprise risk taxonomies, assessment methodologies, and reporting standards to ensure consistency and comparability of risk information.
• Monitor remediation commitments, documented exceptions, and compensating controls, escalating risks that exceed established tolerance.
• Plan and oversee risk assessments and thematic reviews, synthesizing outputs into executive‑level insights and trend analysis.
• Identify systemic risk trends and emerging threats, proactively advising leadership on potential impacts and mitigation options.
• Prepare and deliver concise risk briefings for senior leaders, councils, and committees.
• Leverage extended domain expertise while retaining accountability for the integrated risk view and messaging.

Benefits

• Family and Medical Leave Act (FMLA)