Director – Enterprise Technology & Cyber Risk
Company | S&P Global |
---|---|
Location | New York, NY, USA |
Salary | $146109 – $252227 |
Type | Full-Time |
Degrees | Bachelor’s, Master’s, MBA |
Experience Level | Expert or higher |
Requirements
- 10+ years in the Financial Services, Ratings or Data / Research Industry
- Bachelor’s or advanced degree in a relevant field (e.g., Information Security, Risk Management, Business Administration)
- Proven experience in technology risk management with in-depth knowledge of technology, information security, operational, third party, and other relevant risks
- Strong knowledge of relevant regulations and industry standards including risk frameworks and quantification methodologies
- Excellent leadership and team management skills
- Effective communication and interpersonal skills, with the ability to act as a business partner by translating complex technical concepts into accessible language for general audiences
- Strong analytical skills and ability to articulate guidance clearly and concisely
Responsibilities
- Implement and operationalize the Enterprise Technology & Cyber Risk Management framework across assigned divisions in close partnership with First Line stakeholders
- Ensure consistent application of risk management practices and policies, enhancing collaboration with First Line Control functions and other assurance functions such as Internal Audit
- Provide expert risk advisory services to mitigate technology and cyber-related risks within divisions
- Facilitate discussions and assessments with impacted stakeholders to interpret risks and their implications for the organization
- Deliver detailed oversight of technology and cyber risks at the divisional level, ensuring comprehensive risk identification and management
- Develop and present comprehensive risk reporting to support informed decision-making by key stakeholders and leadership
- Support the aggregation of divisional level risks to enterprise views
- Collaborate with cross-functional teams to ensure reports are comprehensive and reflect diverse perspectives and areas of concern
- Utilize risk insights to inform strategic direction and enhance the overall technology and cyber risk management framework
- Assist with continuously enhancing the risk framework and methodologies to keep pace with the evolving risk environment
- Support divisions in achieving regulatory compliance and adhering to industry standards
- Advise on proactive risk mitigation strategies to address specific technology and cyber-related challenges
- Serve as the key liaison between divisions, facilitating communication and coordination to ensure alignment with the risk management framework
- Strengthen partnerships with First Line Control functions to enhance risk management practices
- Conduct in-depth analyses of risk data to identify trends and potential areas of concern
- Apply risk measurement methodologies to obtain accurate views of risk and develop ‘what if’ scenarios to identify cost-effective mitigation options
- Provide actionable insights to leadership and key stakeholders, driving informed and risk-based decision-making
- Identify and implement opportunities to enhance risk management processes
- Introduce new tools and techniques to improve efficiency and effectiveness, ensuring continuous improvement in risk management practices
- Support maintenance of the technology and cyber risk framework, and associated policies and methodologies
Preferred Qualifications
- Excellent communication skills, including experience with Executive and Board of Directors level presentations
- Industry certifications (e.g., CISSP, CISM, CRISC) are a plus
- Unwavering ethics and integrity, and an ability to stand firm on issues with independence
- A team player with strong interpersonal, people management and leadership skills, demonstrating confidence, practicality, and resilience
- Demonstrated ability to design, drive and pace organizational change and bring others along
- Ability to influence and build strong and trusting relationships with senior stakeholders and to collaborate internally and across company organizations
- Lead and manage a high-performing team of technology risk and data governance professionals
- Provide mentorship, training, and professional development opportunities for team members
- Foster a culture of collaboration, innovation, and continuous improvement