Vice President – Cybersecurity GRC
| Company | Ares Management |
|---|---|
| Location | New York, NY, USA |
| Salary | $245000 – $275000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Expert or higher |

Requirements
- Bachelor’s degree in Cybersecurity, Engineering, Information Security, Information Technology, Computer Science or other related disciplines.
- 10+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector.
- Fundamental understanding of and familiarity with global cybersecurity regulatory requirements and security frameworks (e.g., National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), International Organization for Standardization (ISO) 27001, American Institute of Certified Public Accountants (AICPA) Trust Services Criteria, General Data Protection Regulation (GDPR)).
- Extensive experience with risk management frameworks such as COSO ERM, ISO 31000, and FAIR, and the ability to apply these frameworks to identify, assess, and mitigate technology and cybersecurity risks.
- Proven ability to quantify and analyze technology and cybersecurity risks using qualitative and quantitative methods, and to develop risk metrics and dashboards for effective risk monitoring and reporting.
- Strong technical writing skills for policy, standard, and procedure writing/editing.
- Strong strategic process development skills with a tendency toward automation.
- Proven experience conducting cybersecurity risk assessments and compliance audits.
- Familiarity with security controls implementation, monitoring, and improvement.
- Excellent communication skills to collaborate with cross-functional teams and stakeholders.
- Experience using data visualization tools to develop reports.
- Ability to build automated workflows using tracking software such as JIRA.
Responsibilities
- Develop and lead the Technology Risk Management Program, ensuring alignment with organizational goals and industry best practices.
- Establish and manage a risk intake and identification process, conducting annual and ongoing risk assessments to identify, evaluate, and prioritize technology and cybersecurity risks.
- Develop and implement risk mitigation strategies and action plans to address identified risks, ensuring timely remediation and continuous improvement.
- Oversee the cybersecurity aspects of third-party risk management, including vendor assessments, contract reviews, and ongoing monitoring of third-party risks.
- Collaborate with various teams to integrate risk management practices across the organization.
- Create and deliver comprehensive risk reports and presentations to senior management, providing visibility into the risk landscape and the effectiveness of risk management efforts.
Preferred Qualifications
No preferred qualifications provided.