Velera

Compliance Program Manager

full-time

Location Type: Remote

Location: United States

Salary

💰 $110,100 - $143,100 per year

About the role

  • Define program goals, measurable objectives and governance framework
  • Design, scope, and execute program(s) to achieve stated objectives in alignment with business strategies and priorities
  • Perform program functions and duties that may include: planning, scheduling, and oversight of internal/external system user attestations across the enterprise; assessing and consulting on third-party cyber risks; review and negotiation of cyber contracts; coordination of IT components of onsite and virtual audits/assessments (e.g., SOC1/2, PCI DSS/NIST CSF), NCUA regulatory examinations and client due diligence reviews.
  • Execute assigned program(s) in accordance with company reporting and certification deadlines (e.g., PCI DSS, NIST CSF, SOC1/2)
  • Gain support and buy-in by educating employees about program objectives, controls, and their responsibilities in mitigating cyber risks
  • Lead and manage cyber risk management and technology compliance initiatives
  • Interpret and translate cybersecurity and compliance requirements into program design
  • Proactively identify and monitor emerging cybersecurity threats and the regulatory landscape; adapt program design, scope, and execution to mitigate risks and comply with new regulations
  • Collaborate and partner with cross-functional business and technology stakeholders at all levels to ensure program objectives are met; work with internal/external auditors, vendors, and clients as required
  • Monitor and assess program governance and effectiveness (e.g., QA reviews, control testing)
  • Define and report on KPIs
  • Identify and implement process improvements to drive program efficiencies, minimize impact to business operations, and enhance user experiences; incorporate Inspired Service elements into program design where possible
  • Perform all other duties as assigned.

Requirements

  • Bachelor’s or Master’s Degree in Computer Science, Cybersecurity, or related field, or equivalent combination of education and experience required.
  • Cybersecurity risk management and control certification or equivalent required (e.g., CISA, CISM, CRISC).
  • Project management or scrum master certification preferred (e.g., PMP, CSM).
  • Eight (8) years of relevant experience in a public accounting firm, technology controls consulting, PCI/NIST CSF assessments, IT internal/external auditing, or cyber risk management, with at least five (5) years in a program manager or equivalent role identifying, assessing, and mitigating information security, technology compliance, and cyber risks.
  • Experience in financial services required.
  • Self-directed, with the ability to work independently with minimal supervision.
  • Knowledge of industry and cyber risk regulatory environment and information security standards (e.g., PCI DSS, FFIEC, NIST CSF, NIST AI Risk Management Framework).
  • Knowledge of local and federal cybersecurity regulations.
  • Knowledge of the principles and practices of information security, risk management, and control.
  • Ability to exercise discretion and good judgment in making decisions.
  • Ability to communicate effectively in both verbal and written formats, articulate information security and control concepts to technical and non-technical audiences, and give presentations using various audiovisual support aids.
  • Ability to be flexible, balance multiple projects, work under high pressure in a complex, fast-paced environment, and meet deadlines.
  • Strong business acumen and ability to think pragmatically and influence balanced outcomes that achieve business requirements and cyber compliance objectives.
  • Effective collaboration skills, with the ability to work effectively with others through conflicting pressures and priorities while resolving complex issues.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cybersecurity risk management, program management, IT auditing, process improvement, KPI reporting, cyber risk assessment, technology compliance, information security standards, project management, risk management
Soft Skills
effective communication, collaboration, self-directed, flexibility, business acumen, discretion and judgment, ability to work under pressure, problem-solving, influencing outcomes, educating stakeholders
Certifications
CISA, CISM, CRISC, PMP, CSM