A financial firm is looking for a Director, Cyber & Information Security Risk to join their team in New York, NY.

Compensation: $220-280k

Responsibilities:

• Provide independent, proactive oversight and challenge of cybersecurity and information security risk management at the firm through execution of risk framework elements and embedded monitoring of key cyber/information security programs
• Assess and report cybersecurity and information security risk profile based on quantitative and qualitative risk measures and including assessment of effectiveness of planned remediation/mitigation of excess risk exposure
• Regulatory engagement, including regular supervisory meetings, exams, and sustainable remediation of findings
• Develop and maintain cybersecurity and information security risk management framework, second line of defense standards and guidelines, in alignment with the firm's Risk Governance Framework
• Talent management functions including: employment, performance evaluations, staff development/training, disciplinary actions, succession planning and ensuring all staff comply with compliance requirements
• Analyzes and resolves problems pertaining to differing views of risks/controls and due diligence relating to third parties

Qualifications:

Required

• Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity or relevant field
• 15+ years in Information Technology, Information Security, Cybersecurity risk management or related role
• Proven experience in senior leadership position in relevant domain, including strategically influencing senior management and key stakeholders
• 8-10 years' experience managing high performing teams
• 5 years' experience of large bank regulatory oversight
• Strong knowledge of cybersecurity frameworks, standards and regulations
• Expert knowledge in identification, measurement, monitoring and mitigating cyber and information security risks
• Demonstrated ability to provide outcome-based risk oversight and challenge to first line risk management
• Strong knowledge of non-financial risk frameworks
• Excellent verbal and written communication skills
• Strong analytical, troubleshooting, and root cause determination skills
• Strong ability to build consensus across diverse teams with competing agendas
• Ability to supervise, train, and motivate staff

Preferred

• Industry certifications such as Certified Information Systems Security Professional ("CISSP”), Certified Information Security Manager ("CISM”), Certified Risk and Information Systems Control ("CRISC”) a plus but not required
• Expertise in Gramm-Leach-Bliley Act (GLBA) requirements and effective GLBA program execution
• Financial industry experience