Cybersecurity Third Party Assessment Operations Director
Cybersecurity Third Party Assessment Operations Director
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 204250 - 325000
1 Vacancy
Job Description
Spearhead cuttingedge security strategies and resilience initiatives shaping the future of cybersecurity.
As an Assessments & Exercises Director within the Cybersecurity Technology and Controls line of business you will play a pivotal role in strengthening our firms cybersecurity and resilience. Your responsibilities will include designing and executing testing engagements to proactively detect risks and vulnerabilities in our personnel procedures and technology using sophisticated assessment methodologies and techniques. You will be tasked with addressing the most intricate cyber and resilience risks that our firm encounters utilizing your extensive experience in conducting assessments across a variety of systems networks and architectures. Your capacity to dissect and communicate complex vulnerabilities will be crucial in improving our security strategy and reducing cyber and resilience risks. Additionally you will supervise and manage our Cybersecurity and Tech Controls (CTC) thirdparty cyber assessment capabilities playing a vital role in ensuring that our thirdparty relationships are secure compliant and in line with our organizations risk tolerance.
This role will spearhead the strategic oversight and management of Cybersecurity and Tech Controls (CTC) thirdparty cyber assessment capabilities. This role is pivotal in ensuring that thirdparty relationships are secure compliant and aligned with the organizations risk appetite. The Executive Director will manage executive expectations develop insightful reporting and metrics and enhance risk management practices. Additionally this role will focus on strengthening contractual agreements act as the audit/second line interface for the function and own the cyber tech and data requirements for third parties. The Executive Director will collaborate closely with Tech Risk and Controls Product Security Business Control Managers and GRC leads to ensure a unified approach to ThirdParty risk management.
Job responsibilities
- Lead efforts to enhance the firms third party risk assessment and control environment identifying areas of improvement and advising on control implementation to mitigate thematic risks
- Influence and drive the efficient and effective execution of assessment programs ensuring alignment with organizational objectives risk appetite and regulatory compliance
- Drive and oversee Third Party Assurance priorities and associated book of work continuously assessing and updating requirements to address evolving threats and regulatory changes
- Prepare and deliver reports and metrics to provide insights into risk trends and program effectiveness engaging with stakeholder to communicate the status of third party cyber and technology risks
- Partner with Risk Pillars and Control Owners to define and maintain the cyber tech and data requirements for thirdparty vendors ensuring they reflect current best practices and organizational standards
- Act as a liaison to Tech Risk and Controls Product Security Business Control Managers and GRC leads to foster a collaborative approach to thirdparty risk management and partner with legal and procurement teams to ensure contracts with thirdparty vendors include robust cybersecurity and data protection provisions
- Stay abreast of industry developments emerging threats and best practices to ensure the program remains cuttingedge
- Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
- Lead the successful execution of riskdriven testing and simulations such as penetration tests technical controls assessments cyber exercises or resiliency simulations and the development of comprehensive assessments reports including actionable recommendations report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
- Influence and partner with crossfunctional teams to make datadriven decisions that lead to continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats vulnerabilities industry best practices and regulations and lead engagement with internal and external stakeholders including industry peers and government agencies to share insights and contribute to the development of cybersecurity and resiliency policies
Required qualifications capabilities and skills
- 7 years of experience in cybersecurity or resiliency with demonstrated ability to implement complex assessments or exercises collaboratively with diverse stakeholders subject matter experts and senior leaders
- Demonstrated experience building operating and enhancing thirdparty risk management oversight programs
- Demonstrated leadership experience in managing complex programs and crossfunctional teams
- Indepth knowledge of cybersecurity frameworks standards and regulations (e.g. NIST ISO GDPR)
- Exceptional communication and presentation skills with the ability to engage and influence executive audiences.
- Strong analytical and strategic thinking skills with a focus on proactive risk management
- Ability to prioritize and work under stringent timelines and lead within a matrix line of business technology organization
- Strong understanding of the current threat landscape and resiliency concerns national and international laws regulations policies and ethics related to cybersecurity or resiliency
- Demonstrated expertise in security assessment methodologies threat intelligence utilization control evaluation techniques or resiliency testing
- Experience developing and presenting briefings to senior leaders and large audiences in addition to meeting facilitation conflict resolution and providing program updates to senior leaders regulators and industry groups
Preferred qualifications capabilities and skills
- Relevant certifications (e.g. CISSP CISM CRISC) are advantageous
- Bachelors degree in Information Security Cybersecurity Risk Management or a related field; advanced degree preferred
Required Experience:
Director
Employment Type
Full-Time
