Jobs · Finance · Tennessee

Sr. Director, Cyber Risk and Trust

Asurion · Nashville, TN · Yesterday
On-siteFinanceFull-time

Key Responsibilities

  • Define and execute the Cyber Risk and Trust strategy, operating model, roadmap, and metrics, delivering an enterprise-wide approach to governance, risk, compliance, assurance, and trust enablement.
  • Partner with security, technology, legal, privacy, procurement, internal audit, product, sales, and business leaders to prioritize and remediate cyber risk, and to align security with business objectives.
  • Develop executive reporting that communicates risk posture, control maturity, audit readiness, policy compliance, third-party exposure, customer assurance activity, awareness effectiveness, and progress against objectives.
  • Own the customer-facing trust and assurance program, including audits, security questionnaires, evidence requests, and attestations; standardize evidence, reduce cycle time, and maintain a customer-ready trust repository.
  • Lead the enterprise cyber risk management program, including methodologies, assessments, quantification, treatment, exception management, and a maintained risk register with clear ownership and remediation tracking.
  • Establish and govern cybersecurity policies and standards; run approval forums, manage exceptions, and ensure requirements are enforceable, measurable, and mapped to business needs and control owners.
  • Drive regulatory and framework alignment across NIST, ISO, SOC 2, CIS Controls, PCI DSS as applicable, and international models (UK, Germany, Japan, Korea, Singapore, Latin America); lead mappings, gap analyses, and remediation plans.
  • Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding, and offboarding.
  • Build a modern, behavior-focused cyber awareness and culture program with role-based training, campaigns, and simulations; measure impact through behavior and incident metrics.
  • Recruit, develop, and lead a high-performing team across assurance, risk, governance, third-party risk, and awareness; establish operating rhythms, SLAs, intake, prioritization, and quality standards.
  • Represent the function in executive forums, customer meetings, and governance committees; translate technical issues into business impact and decision-ready recommendations; serve as a senior escalation point.

Education and Experience

  • Masters degree or higher in cybersecurity, information systems, computer science, risk management, business, or related field, or equivalent practical experience preferred.
  • 15+ years of progressive experience in cybersecurity, technology risk, GRC, security assurance, audit, third-party risk, or related disciplines.
  • 12+ years leading teams, managers, or cross-functional cybersecurity programs in complex enterprise environments.
  • Demonstrated leadership in cybersecurity governance, risk management, compliance, customer assurance, policy and standards, third-party risk, and security awareness programs.
  • Deep knowledge of NIST CSF, NIST SP 800-series, ISO/IEC 27001/27002, SOC 2 Trust Services Criteria, and CIS Controls.
  • Strong working knowledge of international frameworks and expectations in the UK, Germany, Japan, Korea, Singapore, and Latin America.
  • Experience leading customer audits, security questionnaires, contractual security reviews, and external assurance activities with standardized evidence management.
  • Experience developing and operationalizing cybersecurity policies, standards, and procedures; conducting control maturity assessments and framework mappings.
  • Experience building and operating third-party cyber risk management programs with risk-based assessments and ongoing monitoring.
  • Proven ability to communicate cyber risk to executive, technical, legal, commercial, and customer audiences, balancing risk reduction with business velocity.

Similar jobs