Cybersecurity Risk Lead

We are currently seeking a Cybersecurity Risk Lead to join our bank’s second line of defense. This role involves providing expert guidance, credible challenge, and effective oversight of technology and information security activities throughout the company. The Cybersecurity Risk Lead will incorporate and monitor the bank's risk management framework on Technology Risk, identifying regulatory, legal, and compliance risk exposures related to products, solutions, environments, and frameworks.

• Manage and coordinate technology risk activities to ensure material/key risks are appropriately identified, managed, escalated, tracked, and remediated timely.
• Engage effectively with the first line of defense to assess control effectiveness and monitoring activities, strengthening the control environment and reducing risk.
• Perform comprehensive and independent risk analysis activities, along with ongoing credible challenge activities to support technology risk.
• Analyze, aggregate, and articulate results/issues/recommendations related to control testing activities.
• Lead independent identification, assessment, monitoring, and reporting of technology risk across the company’s technology environment.
• Review and analyze internal and external reports for risk issues using the bank's risk framework.
• Assist with monitoring and validating the closure of risks/control issues identified through testing results.
• Conduct reviews of Risk and Control Self-Assessments (RCSAs) and assess the adequacy and effectiveness of controls within technology-related process/risk areas to conclude on the design and operating effectiveness of key controls.
• Support quality assessments of RCSAs completed by first line managers and recommend changes as appropriate.
• Influence control owners and other stakeholders to build consensus on risk mitigation and remediation strategies.
• Prepare ad-hoc risk management reports as assigned.
• Stay updated with industry best practices and new regulations.
• Perform other duties and special projects as assigned.

• 5+ years of direct, related experience in Risk Management, Information Technology Audit, or Cyber Security.
• Strong written and verbal communication skills to confidently interact across all levels of the organization, including management, executives, regulators, and the board of directors.
• Outstanding business and cybersecurity communication skills.
• Highly organized and efficient, with the ability to balance and manage multiple projects concurrently.
• Demonstrated strategic and tactical thinking, decision-making skills, and business acumen.
• Advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards, and practices.
• Knowledge and experience with frameworks and specific regulatory guidance, including CRI, NIST, GLBA, ISO, COBIT, and FFEIC.