VP, Cyber Assurance & Defense

About The Position

Requirements

• 15+ years of progressive, hands‑on technical information security experience in financial services or similarly regulated industries.
• Ability to deliver risk focused recommendations balancing cost and benefit
• 5+ years at a VP level or equivalent senior leadership role managing enterprise scale cybersecurity programs.
• 10+ years leading highly technical security teams, including direct involvement in: Forensic investigations, Ethical hacking / penetration testing, SIEM/SOC operations and threat analysis, Incidence response ED/EXR Security tool implementations.
• Demonstrated experience operating under FFIEC, NCUA, CFPB, NYS DFS Cybersecurity, GLBA, PCI and regulatory scrutiny.
• Technical Expertise (Required): Network, endpoint, and application security, Encryption, key management, and data protection, Cloud security (AWS IaaS/PaaS), SaaS security controls.
• Certifications: One or more of the following required: CISSP, CEH.
• Work Location Requirement: Onsite in Albany, NY with a minimum of four (4) days per week.
• Hands on leadership presence is required to support teams, regulators, and critical incident response.
• SIEM/SOAR platforms and detection engineering
• Identity and access governance systems
• Microsoft 365 E5 security stack
• DevSecOps and secure SDLC practices
• Red team, purple team, and adversary simulation
• AI Security Monitoring
• AI usage in cybersecurity operations and detection

Nice To Haves

• Additional certifications (AWS Security, GIAC, OSCP) are strongly preferred.
• Bilingual individuals who are fluent in a second language in addition to English are highly encouraged to apply.

Responsibilities

• Provide oversight of the Cyber Assurance & Defense function (includes Cyber Defense and Identity Governance), encompassing: Defensive security monitoring and detection, Offensive security (penetration testing, red/purple teaming), Digital forensics and investigations, Identity and Access governance (IAG).
• Act as the technical security expert, independently validating initiatives/ project situations, security control design, effectiveness, and sustainability.
• Design and execute a multi‑year cybersecurity maturity roadmap addressing: Vulnerability and exposure management, Security architecture and technical design reviews, Security tool rationalization and roadmap planning, Early warning detection capabilities using SIEM and UEBA, Deception technologies and advanced detection engineering.
• Mature security capabilities from ad‑hoc to defined, repeatable, and measurable, with regulator defensible documentation and evidence.
• Enhance and oversee the Cybersecurity Incident Response Team (CIRT) program, including: Maintain updated IR plans, playbooks, and runbooks to align with evolving threats, Define roles and escalation paths, Executive and regulator communication standards, Tabletop exercises and live simulations.
• Oversee forensic investigations involving: Endpoint, network, cloud, and SaaS platforms, Insider threat activity, Credential misuse and account compromise.
• Ensure lessons learned are operationalized into control improvements.
• Support SVP Information Risk and Security managing incident response.
• Architect and lead a centralized enterprise IAG program, including: Encourage Role Based Access Control (RBAC), Least privilege enforcement, Segregation of duties (SoD), Privileged Access Management (PAM).
• Assess, select, and implement user access governance platforms appropriate for financial services scale and risk.
• Centralize access risk decisions based on application criticality, data sensitivity, and regulatory impact.
• Identify emerging cyber threats and systemic risks impacting: Core banking systems, Cloud (AWS) and SaaS platforms (Microsoft 365), Digital channels and member facing technologies.
• Translate technical findings into clear risk statements with prioritized remediation recommendations.
• Develop cyber risk metrics, KRIs, and dashboards to: Inform senior leadership and board committees, Optimize investment decisions, Demonstrate risk reduction over time.
• Review and challenge technology controls across are required: Network and infrastructure, Cloud (AWS IaaS/PaaS), SaaS (Salesforce Shield, Microsoft 365 E5), DevSecOps pipelines and CI/CD tooling.
• Ensure security is embedded in (security by design): System acquisitions, Projects and initiatives, Software development lifecycles, Change and release management.
• Provide guidance on secure AI usage, automation, and emerging technologies.
• Build, lead, and mentor a team of highly technical cybersecurity practitioners capable of: Threat modeling and attack simulation, Detection engineering, Forensic analysis, Technology and security control validation.
• Serve as a trusted advisor to leadership and peers.
• Communicate complex security concepts clearly to both technical and non technical stakeholders.

Benefits

• competitive benefits package