Security Engineer

• Lead oversight efforts for Third Party Technology and Security practices across the enterprise
• Establish and maintain a comprehensive oversight framework for third-party relationships and vendor risk management activities
• Partner across teams and key stakeholders to drive security risk and governance initiatives and lead complex projects/programs
• Identify and address complex security risks; recommend best practices and new approaches aligned with business priorities
• Provide independent second-line oversight across the third-party lifecycle: planning, due diligence, contracting, onboarding, monitoring, change management, and exit
• Review and challenge technology/security due diligence activities, vendor risk tiering/criticality, concentration and fourth‑party/chain risk determinations
• Validate KRIs/KPIs and continuous-monitoring approaches; synthesize monthly/quarterly trends and themes
• Lead targeted deep-dive and thematic reviews of high-risk or material vendors; document risk statements, opinions, and recommendations
• Validate issue remediation and risk acceptances; escalate where residual risk exceeds appetite and track closure to completion
• Prepare committee-ready reporting and dashboards; brief senior technology, security, and risk leaders on posture and emerging risks
• Contribute to annual risk and maturity assessments, and policy/standard maintenance for third-party technology and security
• Provide consultative guidance to first-line stakeholders while preserving independence and mentor team members

Manager, Cybersecurity Risk

Business Information Security Officer – Consumer and Wealth Management

Business Information Security Officer – Consumer and Wealth Management

Senior Bank Information Security Governance

Bank Information Security Governance Lead

Red Team Lead – Principal Security Engineer