Director, Cybersecurity Regulatory Engagement (1LOD)
Role Summary
The Director, Cybersecurity Regulatory Engagement (1LOD) is an individual contributor role within Cybersecurity Governance, Risk & Controls (CGRC). Consistent with the First Line of Defense (1LOD) mandate, this role manages and executes cybersecurity regulatory engagement activities contributing to effective risk and control outcomes.
Primary Responsibilities
Execute end-to-end cybersecurity regulatory engagements, including regulatory exams, supervisory meetings, remediation activities, and requests for information (RFIs).
Carefully coordinate globally with cybersecurity process owners, control owners, and subject matter experts, to deliver accurate, consistent, and regulator-ready responses.
Partner closely with Engineering Controls, Technology Risk (2LOD), Internal Audit (3LOD), and other cross-functional stakeholders to ensure coordinated and well-governed regulatory execution.
Reinforce a risk-aware culture through disciplined 1LOD execution.
Drive the development of high-quality regulatory submissions by coordinating input across control owners, subject matter experts, and technical teams.
Review, challenge, and approve key regulatory responses to ensure alignment with the firm's cybersecurity posture and risk appetite.
Contribute to a centralized regulatory response repository, leveraging AI-enabled capabilities to improve response quality, consistency, and reuse.
Prepare executive-level briefings, materials, and talking points for senior management.
Partner with Engineering Controls, Risk, Compliance, Legal, and Internal Audit leadership throughout regulatory engagements.
Provide status updates and analysis to cybersecurity leadership.
Provide leadership, coaching, and oversight to supporting team members.
Maintain accurate regulatory engagement tracking, documentation, and artifacts in accordance with CGRC governance standards.
Contribute to continuous improvement of regulatory engagement playbooks, job aids, and execution routines.
Support reporting and metrics to provide transparency into regulatory risk, themes, and engagement status.
Support the design, implementation, and assessment of controls addressing regulatory expectations.
Contribute to 1LOD risk and control taxonomies.
Identify control gaps, thematic issues, and systemic risks surfaced through regulatory engagements and partner with control owners to drive remediation.
Required Qualifications
12+ years of experience in cybersecurity, technology risk, governance, audit, controls or related technology disciplines.
Extensive experience in regulatory engagements, risk management, audit, or compliance within a large, complex, and highly regulated organization.
Proven track record leading regulatory exams, supervisory interactions, or other types of regulatory engagements.
Demonstrated ability to operate effectively at senior leadership and executive levels.
Strong understanding of cybersecurity risk management, control frameworks, and regulatory expectations applicable to financial institutions.
Exceptional written and verbal communication skills, with experience engaging regulators and senior executives.
Strong judgment, executive presence, and the ability to influence outcomes without direct authority.
Ability to manage multiple high-stakes regulatory engagements concurrently under pressure.