Cybersecurity Risk Management Senior Lead

Key Responsibilities:

• Assist business line leadership with identifying, assessing, controlling, mitigating, and communicating risks associated with business processes and decisions. Evaluate the root cause, the corrective action plans, and work with business partners Technology teams to successfully implement and document remediation

• Support the business in the development of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)

• Keep the Business aware of the risk and control environment of the Business through continuous and open communication, by preparing and hosting meetings with Senior Management to present and follow-up on issues, concerns, and corrective action plans.

• Provide oversight and governance to the assigned business unit regarding its control environment including change activities (both business and regulatory change)

• Execute, facilitate and monitor risk governance mechanisms, including but not limited to, Compliance Risk and Control Self-Assessment (C-RCSA), Risk and Control Self-Assessment (RCSA), key risk indicators, policies, risk committees and other elements of the Enterprise Risk Framework

Qualifications

• Bachelor's degree in information technology, cybersecurity, or a related field; Minimum of 8 years of experience in cybersecurity and risk management roles. Master's degree plus 6 years of experience preferred.

• Strong understanding of IT security frameworks and regulatory requirements.

• Executive Communication Skills: Proven experience in presenting risk management findings and recommendations to executive committees, risk oversight bodies, and boards of directors. Ability to distill complex information into actionable insights for senior leaders.

• Excellent problem-solving, analytical, and critical thinking skills to effectively respond to shifting priorities, demands and timelines

• Leadership and Influence: Demonstrated ability to engage, influence, and collaborate with senior executives and cross-functional teams to drive strategic risk initiatives and foster a risk-aware culture.

• Cyber and Enterprise Risk Management Expertise: Deep understanding of cyber and ERM principles and frameworks (e.g., NIST, ISO, COSO, COBIT) with experience.

• Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Risk and Information Systems Control (CRISC) are preferred.
• Successful candidate must have excellent communication skills, executive level story-telling ability in order to properly convey importance of remediation for prioritized issues.
• Ability to collaborate up, down, and peer-to-peer to achieve desired outcomes.
• Self-starter/manager, ability to stand-in for Sr. Director in risk management discussions.
• Strong risk management background; passion for risk management.
• Ability to coordinate and manage ad-hoc risk assessments.
• Ability to manage formal annual and targeted risk assessments.
• Technical understanding and experience a significant plus.

USD 131,600.00 - 219,400.00 per year
Compensation:
Compensation includes a base salary of $131,600.00 - $219,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.