Head of Cyber Risk for Functions and Technology

Company: Citigroup
Location: Tampa, FL, USA; Irving, TX, USA
Salary: $156160 – $234240
Type: Full-Time
Degrees: Master’s
Experience Level: Expert or higher

Requirements

  • Minimum of 10 years of progressive experience in cyber risk management, information security within the financial services industry.
  • Proven experience leading and managing a team of cyber risk professionals.
  • Demonstrated experience in developing and implementing cyber risk strategies and frameworks in a large, global organization.
  • Significant experience interacting with senior management and presenting risk findings.
  • Experience in 1st Line of Defense risk management and interfacing with regulators, auditors, and risk committees.
  • Ability to assess emerging threats, cyber risk trends, and define control strategies.
  • Deep understanding of cyber risk management principles, frameworks (e.g., NIST CSF, ISO 27001, Cyber Risk Institute Profile), and methodologies.
  • Familiarity with regulatory requirements and compliance frameworks relevant to the financial industry (e.g., GDPR, CCPA, GLBA).
  • Strong knowledge of various cyber threats, vulnerabilities, and attack techniques.
  • Experience with risk assessment methodologies (e.g., qualitative and quantitative risk analysis).
  • Excellent data analysis and reporting skills, with the ability to translate technical findings into business-relevant insights.
  • Experience in developing and implementing risk metrics and key risk indicators (KRIs).
  • Understanding of technology infrastructure, cloud computing, and application development.
  • Exceptional communication and presentation skills, with the ability to effectively communicate complex technical information to both technical and non-technical audiences, including senior management.
  • Strong leadership and team management skills, with the ability to motivate, develop, and inspire a team.
  • Excellent interpersonal and relationship-building skills, with the ability to collaborate effectively with diverse stakeholders.
  • Strategic thinking and problem-solving skills, with the ability to anticipate future risks and develop proactive solutions.
  • Strong influencing and negotiation skills, with the ability to drive consensus and achieve desired outcomes.
  • Ability to work independently and manage multiple priorities in a fast-paced environment.
  • Strong analytical and critical thinking skills, with a keen attention to detail.
  • High level of integrity and ethical standards.

Responsibilities

  • Develop and implement a comprehensive cyber risk strategy aligned with the company’s overall risk appetite and regulatory requirements for global functions and technology business units.
  • Establish and maintain robust cyber risk management operations and ensure cyber risk exposures are managed within the defined company risk appetite, proactively identifying and addressing potential breaches.
  • Prepare and present clear, concise, and insightful cyber risk reports to senior management and relevant risk committees, effectively communicating risk exposures and mitigation strategies.
  • Build and maintain strong relationships with senior and mid-level managers across business, technology, and risk functions, acting as a trusted advisor on all cyber risk matters.
  • Represent the First Line of Defense cyber risk perspective in various risk forums and committees, contributing to informed decision-making.
  • Lead, mentor, and develop a team of cyber risk analysts, fostering a high-performance culture focused on collaboration and excellence.
  • Identify emerging thematic cyber risk issues, analyze potential impacts, and develop proactive preventative and detective controls to mitigate these risks.
  • Oversee the design, implementation, and ongoing assessment of cyber risk controls to ensure their effectiveness in reducing risk.
  • Partner with the internal regulatory team to address cyber risk-related inquiries and ensure compliance with relevant regulations.
  • Collaborate effectively with the CISO organization, Technology and Business Risk & Controls, Second Line of Cyber Risk, Internal Audit, and other relevant stakeholders.

Preferred Qualifications

  • Master’s degree preferred
  • Relevant professional certifications such as CISSP, CISM, CRISC, or equivalent are highly preferred.