Sr. Director, Cyber Risk and Trust
Asurion · Nashville, TN · Yesterday
On-siteFinanceFull-time
Key Responsibilities
- Define and execute the Cyber Risk and Trust strategy, operating model, roadmap, and metrics, delivering an enterprise-wide approach to governance, risk, compliance, assurance, and trust enablement.
- Partner with security, technology, legal, privacy, procurement, internal audit, product, sales, and business leaders to prioritize and remediate cyber risk, and to align security with business objectives.
- Develop executive reporting that communicates risk posture, control maturity, audit readiness, policy compliance, third-party exposure, customer assurance activity, awareness effectiveness, and progress against objectives.
- Own the customer-facing trust and assurance program, including audits, security questionnaires, evidence requests, and attestations; standardize evidence, reduce cycle time, and maintain a customer-ready trust repository.
- Lead the enterprise cyber risk management program, including methodologies, assessments, quantification, treatment, exception management, and a maintained risk register with clear ownership and remediation tracking.
- Establish and govern cybersecurity policies and standards; run approval forums, manage exceptions, and ensure requirements are enforceable, measurable, and mapped to business needs and control owners.
- Drive regulatory and framework alignment across NIST, ISO, SOC 2, CIS Controls, PCI DSS as applicable, and international models (UK, Germany, Japan, Korea, Singapore, Latin America); lead mappings, gap analyses, and remediation plans.
- Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding, and offboarding.
- Build a modern, behavior-focused cyber awareness and culture program with role-based training, campaigns, and simulations; measure impact through behavior and incident metrics.
- Recruit, develop, and lead a high-performing team across assurance, risk, governance, third-party risk, and awareness; establish operating rhythms, SLAs, intake, prioritization, and quality standards.
- Represent the function in executive forums, customer meetings, and governance committees; translate technical issues into business impact and decision-ready recommendations; serve as a senior escalation point.
Education and Experience
- Masters degree or higher in cybersecurity, information systems, computer science, risk management, business, or related field, or equivalent practical experience preferred.
- 15+ years of progressive experience in cybersecurity, technology risk, GRC, security assurance, audit, third-party risk, or related disciplines.
- 12+ years leading teams, managers, or cross-functional cybersecurity programs in complex enterprise environments.
- Demonstrated leadership in cybersecurity governance, risk management, compliance, customer assurance, policy and standards, third-party risk, and security awareness programs.
- Deep knowledge of NIST CSF, NIST SP 800-series, ISO/IEC 27001/27002, SOC 2 Trust Services Criteria, and CIS Controls.
- Strong working knowledge of international frameworks and expectations in the UK, Germany, Japan, Korea, Singapore, and Latin America.
- Experience leading customer audits, security questionnaires, contractual security reviews, and external assurance activities with standardized evidence management.
- Experience developing and operationalizing cybersecurity policies, standards, and procedures; conducting control maturity assessments and framework mappings.
- Experience building and operating third-party cyber risk management programs with risk-based assessments and ongoing monitoring.
- Proven ability to communicate cyber risk to executive, technical, legal, commercial, and customer audiences, balancing risk reduction with business velocity.