Jobs · Information Technology · New York

Director, Cybersecurity Regulatory Engagement (1LOD)

BNY · New York, NY · 2 wk ago
HybridInformation Technology$116k–$246k/yrFull-time

Role Summary

The Director, Cybersecurity Regulatory Engagement (1LOD) is an individual contributor role within Cybersecurity Governance, Risk & Controls (CGRC). Consistent with the First Line of Defense (1LOD) mandate, this role manages and executes cybersecurity regulatory engagement activities contributing to effective risk and control outcomes.

Primary Responsibilities

  • Execute end-to-end cybersecurity regulatory engagements, including regulatory exams, supervisory meetings, remediation activities, and requests for information (RFIs).

  • Carefully coordinate globally with cybersecurity process owners, control owners, and subject matter experts, to deliver accurate, consistent, and regulator-ready responses.

  • Partner closely with Engineering Controls, Technology Risk (2LOD), Internal Audit (3LOD), and other cross-functional stakeholders to ensure coordinated and well-governed regulatory execution.

  • Reinforce a risk-aware culture through disciplined 1LOD execution.

  • Drive the development of high-quality regulatory submissions by coordinating input across control owners, subject matter experts, and technical teams.

  • Review, challenge, and approve key regulatory responses to ensure alignment with the firm's cybersecurity posture and risk appetite.

  • Contribute to a centralized regulatory response repository, leveraging AI-enabled capabilities to improve response quality, consistency, and reuse.

  • Prepare executive-level briefings, materials, and talking points for senior management.

  • Partner with Engineering Controls, Risk, Compliance, Legal, and Internal Audit leadership throughout regulatory engagements.

  • Provide status updates and analysis to cybersecurity leadership.

  • Provide leadership, coaching, and oversight to supporting team members.

  • Maintain accurate regulatory engagement tracking, documentation, and artifacts in accordance with CGRC governance standards.

  • Contribute to continuous improvement of regulatory engagement playbooks, job aids, and execution routines.

  • Support reporting and metrics to provide transparency into regulatory risk, themes, and engagement status.

  • Support the design, implementation, and assessment of controls addressing regulatory expectations.

  • Contribute to 1LOD risk and control taxonomies.

  • Identify control gaps, thematic issues, and systemic risks surfaced through regulatory engagements and partner with control owners to drive remediation.

Required Qualifications

  • 12+ years of experience in cybersecurity, technology risk, governance, audit, controls or related technology disciplines.

  • Extensive experience in regulatory engagements, risk management, audit, or compliance within a large, complex, and highly regulated organization.

  • Proven track record leading regulatory exams, supervisory interactions, or other types of regulatory engagements.

  • Demonstrated ability to operate effectively at senior leadership and executive levels.

  • Strong understanding of cybersecurity risk management, control frameworks, and regulatory expectations applicable to financial institutions.

  • Exceptional written and verbal communication skills, with experience engaging regulators and senior executives.

  • Strong judgment, executive presence, and the ability to influence outcomes without direct authority.

  • Ability to manage multiple high-stakes regulatory engagements concurrently under pressure.

Similar jobs