Senior Director- Security, Risk, & Emerging Threats (Global Security)

About The Position

Requirements

• 10+ years of progressive experience in Security engineering, or risk advisory roles, with demonstrated ability to identify and exploit vulnerabilities across multiple technical layers (AI/ML, data protection, cloud security, application security, systems architecture, access controls)
• Substantial hands-on experience with AI/ML systems, including understanding of model development, deployment, governance, bias detection, explainability challenges, and control frameworks specific to AI systems in financial services
• Deep technical knowledge of enterprise systems architecture, cloud infrastructure, distributed systems, scalability, resilience, disaster recovery, and architectural design patterns as they relate to risk management
• Comprehensive expertise in data governance, privacy frameworks (PIPEDA, GDPR equivalent), data classification, encryption, access controls, data retention policies, and privacy-by-design principles
• Broad technical knowledge across multiple additional technology domains including: cybersecurity, software development, third-party risk management, and emerging technologies
• Strong understanding of IT risk frameworks, control design principles, and risk assessment methodologies
• Familiarity with enterprise risk management practices, risk appetite frameworks, and the Three Lines of Defense model
• Experience developing and executing multi-year strategic plans and managing large-scale initiatives
• Proven ability to serve as a trusted technical advisor to senior leaders on complex technology and risk matters.
• Strong negotiation and stakeholder management skills, with the ability to balance organizational priorities and risk considerations
• Excellent communication skills, with the ability to translate technical concepts into clear, actionable business insights for diverse audiences
• Ability to work effectively in ambiguity, prioritize competing demands, and drive collaboration in a matrixed organization

Nice To Haves

• Industry certifications such as CISSP, CISM, CISA, or CRISC
• Certifications or demonstrated expertise in AI governance, responsible AI frameworks, or AI risk management
• Knowledgeable of offensive security disciplines (penetration testing, red team operations, cyber forensics, security assessments)
• Certifications or demonstrated expertise in systems architecture governance or enterprise architecture frameworks (TOGAF, ArchiMate)
• Certifications or demonstrated expertise in data protection frameworks (DPIA, data governance, privacy engineering)

Responsibilities

• Conduct targeted, data-driven risk assessments across critical technology domains (AI/ML, systems architecture, data protection, cybersecurity, and third-party dependencies).
• Develop specialized methodologies for AI, architecture, and data protection risks, aligned with enterprise risk appetite and governance frameworks.
• Serve as a key strategic partner to regional IT risk leads across APAC, EU, and US, providing technical expertise and guidance on complex technology risk matters.
• Collaborate to coordinate global risk assessment initiatives while respecting regional regulatory requirements and risk management practices.
• Lead external incident and threat analysis to identify emerging risks and attack patterns relevant to financial services.
• Conduct deep-dive reviews of external incidents (AI system failures, data breaches, and architecture vulnerabilities) to evaluate their applicability and potential impact on the organization’s environment, technology, and AI/data ecosystems.
• Produce threat intelligence and incident briefings for stakeholders, and coordinate response reviews and lessons-learned exercises to drive control improvements and risk mitigation strategies.
• Develop executive-grade reporting packages for senior management and regulators, presenting global technology risk posture, trends, and mitigation progress.
• Lead the production of quarterly/annual risk management reports and regulatory submissions.
• Identify opportunities to strengthen the global technology control environment, with a focus on AI governance, systems architecture resilience, and data protection frameworks.
• Design and advocate for control improvements aligned with business transformation, regulatory expectations, and industry best practices, while developing implementation guidelines that balance effectiveness, efficiency, and feasibility across the enterprise.
• Collaborate with compliance functions to ensure technology risk assessments align with regulatory requirements, supporting governance, control documentation, and reporting.
• Coordinate on interpreting and implementing regulatory guidance for technology, cyber risk, AI governance, and data protection, while integrating compliance considerations into risk prioritization and control design decisions.
• Offer expert guidance to issue owners throughout the remediation process, leveraging specialized knowledge in AI, systems architecture, and data protection to address technical risks effectively.

Benefits

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.
• Leaders who support your development through coaching and managing opportunities.
• Ability to make a difference and lasting impact.
• Work in a dynamic, collaborative, progressive, and high-performing team.
• A world-class training program in financial services.