Marqeta

Director, Governance, Risk & Compliance

full-time

Location Type: Remote

Location: United States

Salary

💰 $175,800 - $219,700 per year

About the role

  • Develop, implement, and maintain cybersecurity policies, standards, and control frameworks aligned with industry regulations and business objectives
  • Establish and operate cybersecurity governance models, steering committees, and approval processes
  • Maintain unified control inventory and oversee validation activities with internal and external assessors
  • Design and execute comprehensive cybersecurity risk assessment frameworks and methodologies
  • Manage risk treatment plans, remediation tracking, and escalation processes in alignment with enterprise risk management
  • Provide risk advisory services and integrate findings into strategic cybersecurity planning
  • Lead compliance readiness assessments and coordinate audit activities across multiple frameworks (PCI DSS, SOC 2, ISO 27001, etc.)
  • Manage audit findings remediation and maintain compliance reporting for internal and external stakeholders
  • Support legal and contract negotiations regarding cybersecurity requirements
  • Oversee third-party cybersecurity risk assessments and vendor management processes
  • Lead customer due diligence, security questionnaire responses, and Trust Center operations
  • Support sales enablement through security documentation and customer audit facilitation

Requirements

  • Proven experience (6+ years) in a security leadership role with deep expertise in cybersecurity governance, risk management, and compliance
  • Proven experience with regulatory frameworks (PCI DSS, SOC 2, ISO 27001, NIST, SOX)
  • Experience in financial services, fintech, or highly regulated industries
  • Demonstrated success in audit management and customer-facing security assessments
  • Strong analytical and problem-solving capabilities with attention to detail
  • Excellent written and verbal communication skills for technical and executive audiences
  • Experience with GRC tools (OneTrust, ServiceNow, or similar platforms)
  • Strong business acumen and ability to align security initiatives with business objectives
  • Track record of cultivating relationships across teams, influencing decision making, and collaborating with stakeholders at all levels of the organization
  • Proven ability to develop structure, advance execution, and measure performance across varied and complex projects, teams, and environments
  • Proactive and strategic mindset, with the ability to anticipate business needs of the cybersecurity organization and stakeholders
  • A strong bias toward action and ability to operate proactively and effectively in a dynamic, fast-paced environment
  • High ethical standards and a commitment to promoting a strong security culture
  • One or more industry certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent