Technology Risk Director- CyberSecurity
Citizens · Johnston, RI · 6 days ago
Information Technology$190k–$240k/yrFull-time
Key Responsibilities
- Lead, coach, and develop a team of cybersecurity risk analysts, principals, and managers, establishing a consistent, scalable, and value-driven risk support model across the enterprise.
- Define and evolve the cybersecurity risk management strategy and operating model, ensuring alignment with enterprise risk appetite, regulatory requirements, and business priorities.
- Translate cyber and technology risks into business-relevant impacts, enabling senior management to make informed, risk-based decisions.
- Establish and oversee an end-to-end cybersecurity risk management process that enables continuous identification, analysis, assessment, treatment, and monitoring of cyber and technology risks.
- Define and maintain key risk indicators (KRIs), controls, and control testing strategies to measure cybersecurity risk exposure and control effectiveness.
- Provide oversight of Risk and Control Self Assessments (RCSAs), Targeted Risk Reviews, business initiative risk assessments, and issue management, ensuring timely remediation and sustainable risk reduction.
- Maintain visibility into detailed cyber risk assessments, advising business and technology leaders on prioritized mitigation strategies and risk tradeoffs.
- Act as a strategic risk advisor to business lines and technology leaders, providing day-to-day guidance on regulatory compliance, risk mitigation, and industry best practices.
- Advisory on new products, processes, technologies, and strategic initiatives, ensuring appropriate risk identification, control design, and governance approvals are in place.
- Guide business partners through enterprise governance forums and approval processes, ensuring cyber risks are understood, documented, and appropriately managed.
- Serve as the primary risk lead for regulatory exams and audits related to cybersecurity and technology risk for assigned products or functions.
- Partner with Internal Audit, and second-line stakeholders, leading exam preparation, responses, and ongoing issue remediation.
- Ensure compliance with applicable laws, regulations, and supervisory guidance, including FFIEC, GLBA, SOX, and other relevant standards.
- Build and maintain strong, trusted relationships with business partners, technology leaders, security teams, project stakeholders, and subject matter experts.
- Collaborate across lines of defense to provide effective challenge while enabling responsible innovation and delivery.
- Promote a culture of cybersecurity awareness and operational resilience across the organization.
Qualifications
- 10+ years of experience in Cybersecurity and/or Information Technology, with deep exposure to enterprise environments.
- 10+ years of risk management experience within financial services, preferably in cybersecurity, technology risk, or operational risk.
- Strong experience with cloud technologies (IaaS, PaaS, SaaS), DevSecOps, web applications, operating systems, databases, and networking.
- Broad knowledge of cybersecurity domains including: Network and infrastructure security, Vulnerability and configuration management, Identity and Access Management including Customer Identity, API and application security, Data protection and cryptography, Operational resilience, Incident, problem, and change management.
- Solid understanding of internal controls, risk assessments, and governance processes.
- Working knowledge of FFIEC guidance, GLBA, SOX, and related regulatory frameworks.
- Familiarity with leading industry frameworks, including Cybersecurity Risk Institute, NIST Cybersecurity Framework, Cloud Security Alliance, NIST 800 53, and ISO 27001.
- Demonstrated ability to synthesize complex risk data, prioritize mitigation actions, and influence outcomes.
- Exceptional communication and executive presence skills, with the ability to engage all levels of the organization.
- Proven leadership, coaching, and talent development experience.
- Strong project and program management capabilities across multiple stakeholders.