VP, Lead Security Risk Analyst

About The Position

Requirements

• Bachelor’s degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CISSP ISSAP, SABSA, CCSP, GCAD, CRISC, CISSP).
• 7-9+ years of experience in GRC, cybersecurity, risk management or related fields, and most importantly cloud/security architecture, particularly in highly regulated industries such as financial, or professional services.
• Demonstrated history of influencing architectural decisions and driving enterprise-level security program improvements.
• High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
• Advanced knowledge of cloud architecture, application security, identity governance, encryption, secure design patterns, network architecture, and telemetry design.
• Experience translating requirements into architectural controls and technical standards.
• Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
• Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
• Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
• Comfortable solving ambiguous, enterprise-scale problems.
• Proven ability to lead multi-team initiatives and drive results in a fast-paced environment.
• Excellent communication and interpersonal skills, with the ability to influence senior engineers, architects, and business leaders
• High School diploma or equivalent required

Responsibilities

• Lead enterprise Information Security engagement across all enterprise-wide corporate projects, championing security by design principles, influencing security decisions without direct authority and driving alignment across multiple business and technology domains.
• Contribute to the development, management, and ongoing improvement of the Information Security risk program, compliance initiatives, and overall security risk posture.
• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
• Maintain Information Security risk register, report monthly to appropriately address key risk areas.
• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
• Lead and deliver enterprise and domain risk assessments (at least annually, or event driven) using consistent methodology that complies with regulatory requirements
• Conduct and lead the bank’s most complex and high-impact risk assessments, including those involving enterprise architecture, modernization initiatives, AI/ML platforms, cloud deployments, or third-party integrations.
• Drive cross-functional remediation initiatives, ensuring timely resolution of identified issues and alignment with enterprise risk appetite.
• Act as the primary GRC representative and senior advisor in enterprise security architecture projects, ensuring that security, compliance, and risk considerations are embedded in design decisions for cloud, infrastructure, and applications.
• Lead architecture-focused risk assessments for new technologies, major system integrations, cloud migrations, and high-impact projects to identify systemic risks and required compensating controls.
• Translate security policies, standards, regulatory requirements and control frameworks into detailed architectural requirements, control patterns, and secure design standards consumable by engineering and application teams.
• Advise solution architects, engineers, and product teams on secure design patterns, identity and access architecture, encryption frameworks, data protection requirements, and logging/monitoring standards.
• Evaluate the security implications of modernization initiatives, and system migrations ensuring risks are documented and mitigated through appropriate design.
• Define architecture-aligned security requirements and control baselines that engineering and architecture teams use to build secure-by-design systems.
• Partner with detection engineering and cloud teams to ensure logging, auditability, and monitoring capabilities are embedded in the technology stack.
• Lead complex and technical vendor security reviews, including onboarding assessments, and high-risk assessments involving cloud platforms, data integrations, and critical infrastructure providers.
• Follow all established policies and procedures.
• Perform other duties and projects as assigned.

Benefits

• 401k plan which includes a company match and immediate vesting
• comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA)
• adoption, surrogacy, and fertility assistance
• paid parental leave and family support solutions including care options for your family
• paid vacation days, holidays, and volunteer time off
• tuition reimbursement
• an annual mentorship program
• leadership development resources
• access to LinkedIn Learning