Director – Enterprise Cybersecurity Risk

Company: Fidelity Investments
Location: Boston, MA, USA; Westlake, TX, USA; Smithfield, RI, USA; Merrimack, NH, USA; New York, NY, USA; Cincinnati, OH, USA
Salary: $103000 – $218000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • 8-10 years’ experience in information technology risk, cyber security, controls or audit roles
  • Experience in fraud risk frameworks a plus
  • Prior experience in team management and leadership is preferred
  • Bachelor’s Degree in Computer Science, Technology, or a related field of study preferred
  • Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
  • Experience performing Technology risk assessments, Control assessments or IT Audits or implementing Cybersecurity controls for large scale financial service organizations (cloud, distributed, vendor solutions, mainframe, and network environments)
  • Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)
  • Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS)
  • Strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions
  • Ability to build and maintain collaborative working relationships with Information Technology and Business personnel in order to design appropriate controls and assist in executing control design and monitoring
  • Process orientation and an understanding of operations and technology that supports the analysis, development and monitoring of controls
  • Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, HITRUST is preferred
  • Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred
  • Excellent verbal and written communication skills enabling preparation and presentation of recommendations to senior management.

Responsibilities

  • Providing technical direction and professional guidance to technology risk associates, fostering individual growth and development as well as team and organizational deliverables
  • Assessing the various information technology risks that the business faces in its operations and implementing action plans and policy and procedural changes for risk avoidance and mitigation
  • Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
  • Conducting in-depth information technology risk assessments, including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
  • Assisting with developing and monitoring controls related to cybersecurity and meeting applicable security, audit, and regulatory requirements
  • Providing technical assistance on risk-related systems issues and serving as a liaison for technology risk management
  • Determining appropriate KPIs/KRIs for IT risk monitoring
  • Understanding and consulting on information security standards and industry best practices
  • Managing IT Controls program activities, including managing the Controls Inventory in GRC/OpenPages and control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements
  • Liaising with internal and external audit teams; tracking internal and external audit findings; performing issue follow-up; consulting on action plans with owners; and driving issue resolution.

Preferred Qualifications

  • Experience in fraud risk frameworks a plus
  • Prior experience in team management and leadership is preferred
  • Bachelor’s Degree in Computer Science, Technology, or a related field of study preferred
  • Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
  • Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, HITRUST is preferred
  • Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred.