Director, Cybersecurity Risk Management

Job Overview:

The Director of Cybersecurity Risk Management is responsible for building and maintaining Fortreas cybersecurity risk management function. This leader will oversee IT and third-party cybersecurity risk management - collaborating with peers and leaders across IT global support functions and business areas to manage cybersecurity risk throughout our global organization. They have proven experience in developing and executing such programs a deep understanding of the Fortrea business landscape and the ability to partner with other central functions that manage risk.

Summary of Responsibilities:

• Develop and drive the strategy for cybersecurity risk management at Fortrea positioning it as a business enabler.
• Establish and operate a cybersecurity risk management program designed to identify report and respond to cybersecurity risks in accordance with industry standards and frameworks (e.g. NIST CSF NIST 800-37 ISO/IEC 27001) and regulations (SOX GDPR HIPAA).
• Own and drive requirements for cybersecurity risk management tools.
• Identify assess and prioritize cybersecurity risks to the organizations assets and systems.
• Develop and implement risk mitigation strategies and controls to reduce organizational cyber risk.
• Partner with business and IT leaders to educate and ensure effective risk management.
• Manage a diverse team of employees contractors and managed service providers.
• Evaluate and assess cybersecurity risks associated with third-party suppliers and service providers to ensure compliance with organizational security standards.
• Collaborate with procurement privacy quality and vendor management teams to streamline the third-party risk assessment process.
• Develop and implement cybersecurity risk mitigation strategies and controls for third parties including contractual language and ongoing monitoring.
• Oversee cybersecurity audits as required.
• Stay current on the latest cybersecurity trends threats and regulatory changes.
• Develop metrics and reporting; create and present regular reports on the organizations cybersecurity risk posture to senior management and stakeholders.
• Manage the cyber risk register and ensure alignment with enterprise risk management.

Qualifications (Minimum Required):

• Experience in cybersecurity IT and third-party risk management within a global highly regulated environment.
• Solid understanding of industry standards (NIST CSF ISO/IEC 27001 ISO/IEC 31000) and regulations (SOX GDPR HIPAA GCPs).
• Experience managing third-party service providers consultants and internal staff.
• Strong presentation written and verbal communication skills.
• Ability to think strategically innovate and execute effectively.
• Proven experience collaborating across various IT and business domains at both SME and senior leadership levels.

Experience (Minimum Required):

• Bachelors degree in Computer Science Cybersecurity or a related field.
• Advanced certifications such as CISSP ISO 27001 CISM or CRISK.
• Minimum 7 years experience in cybersecurity risk management.
• Minimum 3 years experience in people leadership and performance management.
• Fortrea may consider relevant and equivalent experience in lieu of educational requirements.

Physical Demands / Work Environment:

• Must be able to work in a fast-paced high-stress environment that requires quick decision-making and effective problem-solving skills.

Learn more about our EEO & Accommodations request here.