Director of Cybersecurity Governance, Risk & Compliance

Remote, USA Full-time Posted 2025-11-24
Job Description:

• Lead the Security GRC team responsible for Third Party Risk Management, control governance and testing, Business Continuity Management, and access governance.
• Set the vision, roadmap, and priorities for the Security Program in partnership with the CISO, other Security & IT functions, and Enterprise Risk Management.
• Mentor and develop team members.
• Define clear goals, performance expectations, and development plans.
• Act as a key advisor to security and business leadership on cyber and technology risk posture, tradeoffs, and remediation priorities.
• Own the Security Program and ensure that regulatory, contractual, and internal security requirements are satisfied across the enterprise and BaaS/fintech ecosystem.
• Define and maintain the enterprise control baseline mapped to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, aligning with GLBA, SOX, and PCI-DSS where applicable.
• Author and approve control narratives, RACI, evidence requirements, testing procedures, and control objectives.
• Author and maintain cybersecurity governance documents, such as policies and standards.
• Work with technical control owners to implement processes and automations aligned to written controls, policies, and standards.
• Champion “policy as code” and guardrails (e.g., identity, configuration, network segmentation, logging/monitoring) in partnership with Security Engineering and IT.
• Oversee targeted cyber/IT risk assessments for technology changes, third parties, products, and fintech programs and ensure clear articulation of inherent and residual risk.
• Maintain a centralized log of issues, control gaps, and remediation plans; ensure sustainable fixes and prevent recurrences by updating baselines, standards, and automation.
• Partner with Enterprise Risk Management on risk acceptance, watch lists, and aggregation of security risks into enterprise risk reporting.
• Own the design and execution of access certification campaigns across key systems and applications (e.g., core banking, identity platforms, cloud, fintech partner integrations).

Requirements:

• Demonstrated ability to operationalize the FFIEC IT Examination Handbooks, NIST CSF, and the CRI Profile into practical, auditable controls and testing procedures.
• Proven experience owning or leading Third Party Risk Management, control frameworks, and/or Business Continuity Management programs in a regulated environment.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/Microsoft 365/Entra, Okta, Windows/Linux, networks, CI/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management, auditors, regulators, and fintech partners.
• Bias for automation and measurable outcomes.
• Comfortable in fast-moving, high-accountability settings.

Benefits:

• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.
