Partner with CIOs, senior leadership, and technology stakeholders to assess and communicate cybersecurity risk in business terms
Influence prioritization of security investments and drive remediation strategies that align with enterprise risk tolerance
Serve as the primary cybersecurity advisor to the business, interpreting enterprise policies, providing actionable guidance, and ensuring business initiatives comply with internal standards and regulatory requirements
Identify, assess, and document security risks across products, applications, and third-party relationships
Collaborate with remediation owners to develop and track resolution plans based on risk severity and business impact
Deliver executive-level risk dashboards and metrics that provide transparency into the business’s security posture
Ensure timely and meaningful communication of emerging risks and remediation progress
Collaborate with the broader Cybersecurity and Risk organizations to ensure security strategies are pragmatic, risk-based, and aligned with both business priorities and technical capabilities
Promote awareness of regulatory and industry obligations through targeted training, awareness campaigns, and proactive engagement
Ensure the business maintains readiness for internal audits and external regulatory assessments
Ensure security risk and controls assessments are conducted at appropriate intervals and with relevant depth based on evolving threats and business changes
Guide technology teams in adopting enterprise cybersecurity tools, capabilities, and controls
Stay current with the threat landscape, regulatory developments, and best practices
Foster a security-first mindset across the business.

Requirements

Bachelor’s degree in Computer Science, Information Security, Information Technology, or related discipline (or equivalent work experience)
10+ years of progressive experience in Information Security, Cyber Risk, or Technology Risk roles
5+ years in the financial services or banking industry with working knowledge of relevant regulations (e.g., GLBA, FFIEC, PCI, SOX)
Proven experience influencing executive leadership and communicating complex technical risks in business terms
Demonstrated success in leading cross-functional teams and delivering cybersecurity solutions at scale
Experience with cybersecurity governance frameworks (e.g., NIST CSF, ISO/IEC 27001) and enterprise risk management practices

Benefits

Annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecurity risk assessmentcybersecurity governance frameworksNIST CSFISO/IEC 27001enterprise risk managementsecurity risk and controls assessmentsremediation strategiesexecutive-level risk dashboardscybersecurity solutionsregulatory compliance

Soft Skills

influencing executive leadershipcommunication of technical riskscollaborationcross-functional team leadershipproactive engagementawareness promotionsecurity-first mindsetactionable guidancetimely communicationstrategic alignment