Senior Lead Operational Risk Officer | Technology Risk Management

About The Position

Requirements

• 7+ years of Operational Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.

Nice To Haves

• Deep understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and incident response methodologies.
• Strong knowledge of identity and access management (IAM) principles, tools, and governance practices.
• Expertise in data protection, encryption standards, and information classification.
• Experience with security operations, including SIEM, log management, and threat detection technologies.
• Expertise with vulnerability management tools, scanning methodologies, and remediation processes.
• Knowledge of cyber threat intelligence, adversary behavior analysis, and proactive threat hunting techniques.
• Proven ability to assess and challenge cyber risk controls and influence remediation strategies.
• Strong communication, analytical, and leadership skills with experience engaging senior stakeholders and regulators.
• Experience in a second line of defense or independent cybersecurity risk oversight function is highly desirable.

Responsibilities

• Cyber Incident Response Oversight: Including classification, investigation, escalation, containment, recovery, and closure to ensure timely and effective handling of cybersecurity events.
• Infrastructure security: Including networks, workspace, and data stores.
• Application security: Including pen testing, application threat modeling and application security testing
• Identity and Access Management Oversight: Including authentication, authorization, privileged access, remote access, and segregation of duties.
• Information Protection Oversight: Including data leakage prevention, information classification, encryption, and disclosure controls to ensure sensitive data is adequately protected.
• Security Monitoring Oversight: Including the effectiveness of security event monitoring, log collection, dashboard governance, and threat actor analysis to ensure proactive detection and response capabilities.
• Vulnerability Management Oversight: Including lifecycle of vulnerability management including discovery, identification, monitoring, remediation, and reporting to ensure timely mitigation of technical risks.
• Cyber Threat Intelligence and Adversary Hunting: Including threat intelligence is effectively gathered, analyzed, and used to inform defenses against emerging threats and adversary tactics.
• Risk Reporting and Communication: Deliver clear, actionable insights and reporting on cybersecurity risk exposures to senior management, risk committees, and regulatory bodies.
• Stakeholder Engagement: Collaborate with first-line cybersecurity teams, technology, compliance, legal, and internal audit to ensure a cohesive and effective cybersecurity risk management approach.

Benefits

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement