Director, Cybersecurity Regulatory Engagement (1LOD)
hackajob · New York, NY · 2 wk ago
On-siteInformation Technology$116k–$246k/yrFull-time
Role Summary
The Director, Cybersecurity Regulatory Engagement (1LOD) is an individual contributor role within Cybersecurity Governance, Risk & Controls (CGRC). Consistent with the First Line of Defense (1LOD) mandate, this role manages and executes cybersecurity regulatory engagement activities contributing to effective risk and control outcomes.
Primary Responsibilities - 1LOD Alignment
- Execute end-to-end cybersecurity regulatory engagements, including regulatory exams, supervisory meetings, remediation activities, and requests for information (RFIs).
- Carefully coordinate globally with cybersecurity process owners, control owners, and subject matter experts to deliver accurate, consistent, and regulator-ready responses. Additionally, partner closely with Engineering Controls, Technology Risk (2LOD), Internal Audit (3LOD), and other cross-functional stakeholders to ensure coordinated and well-governed regulatory execution.
- Reinforce a risk-aware culture through disciplined 1LOD execution.
- Drive the development of high-quality regulatory submissions by coordinating input across control owners, subject matter experts, and technical teams.
- Ensure alignment with the firm's cybersecurity posture and risk appetite by reviewing, challenging, and approving key regulatory responses.
- Leverage AI-enabled capabilities to improve response quality, consistency, and reuse in a centralized regulatory response repository.
- Prepare executive-level briefings, materials, and talking points for senior management, including materials for senior management committees and boards.
- Partner with Engineering Controls, Risk, Compliance, Legal, and Internal Audit leadership throughout regulatory engagements.
- Provide status updates and analysis to cybersecurity leadership.
- Lead, coach, and oversee supporting team members.
- Maintain accurate regulatory engagement tracking, documentation, and artifacts in accordance with CGRC governance standards.
- Contribute to continuous improvement of regulatory engagement playbooks, job aids, and execution routines.
- Support reporting and metrics to provide transparency into regulatory risk, themes, and engagement status.
- Support the design, implementation, and assessment of controls addressing regulatory expectations.
- Contribute to 1LOD risk and control taxonomies.
- Identify control gaps, thematic issues, and systemic risks surfaced through regulatory engagements and partner with control owners to drive remediation.
Required Qualifications
- 12+ years of experience in cybersecurity, technology risk, governance, audit, controls, or related technology disciplines.
- Extensive experience in regulatory engagements, risk management, audit, or compliance within a large, complex, and highly regulated organization.
- Proven track record leading regulatory exams, supervisory interactions, or other types of regulatory engagements.
- Experience operating in a First Line of Defense (1LOD) role.
- Demonstrated ability to operate effectively at senior leadership and executive levels.
- Strong understanding of cybersecurity risk management, control frameworks, and regulatory expectations applicable to financial institutions.
- Ability to synthesize complex technical and risk topics into clear, defensible regulatory narratives.
- Exceptional written and verbal communication skills, with experience engaging regulators and senior executives.
- Strong judgment, executive presence, and the ability to influence outcomes without direct authority.
- Ability to manage multiple high-stakes regulatory engagements concurrently under pressure.