Assessments & Exercises Director Third Party Assurance

Job Summary

As an Executive Director within the Cybersecurity and Technology Controls (CTC) Assessments & Exercises function you will serve as the senior technical authority for third-party cybersecurity assurance. You will bring deep hands-on expertise in cybersecurity architecture cloud security and enterprise control frameworks to critically evaluate the control maturity of the firms most complex and strategically significant suppliers.

Reporting to the Global Third-Party Assurance Lead you help to elevate the technical rigor depth and credibility of third-party assurance outcomes. You will translate complex technical findings into clear business-relevant risk insights for senior stakeholders across Cybersecurity Technology Risk and the Business and will act as a trusted escalation point for the most technically challenging assessments.

Job Responsibilities

• Provide authoritative technical leadership across third-party cybersecurity assessments bringing deep expertise in cybersecurity architecture cloud-native and hybrid environments application security and enterprise control domains.
• Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture control maturity and architectural resilience particularly for the firms most critical and complex third-party relationships.
• Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firms risk appetite.
• Evaluate supplier security architectures across public cloud providers (AWS Azure Google Cloud) assessing the design and effectiveness of controls in cloud-native hybrid and on-premises environments.
• Act as the senior technical escalation point for complex supplier risks control gaps and remediation strategies providing credible challenge and expert advisory input.
• Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities including architecture reviews threat modelling and cloud security posture evaluation.
• Translate complex technical cybersecurity risks and supplier control deficiencies into clear actionable business-relevant insights for senior leadership and non-technical audiences through detailed reports presentations and other appropriate methods.
• Partner with Product Security Cybersecurity Architecture Technology Risk & Controls and Cybersecurity pillar leads to ensure alignment in control intent solution design and third-party risk remediation.
• Lead thematic analysis to identify systemic technical weaknesses emerging risks and trends across the supplier landscape and recommend strategic remediation approaches.

Required Qualifications Capabilities and Skills

• 10 years of professional experience in cybersecurity with significant depth in senior technical and/or architecture-focused positions.
• Proven ability to assess and articulate the cybersecurity control maturity of complex technology environments including enterprise cloud-native and hybrid architectures.
• Deep hands-on expertise in cybersecurity architecture threat modelling and designing or evaluating secure controls for enterprise-level solutions.
• Strong understanding of industry cybersecurity frameworks and key control domains (e.g. NIST CSF ISO 27001 FFIEC SOC 2 GDPR).
• Thorough design and operational experience across one or more major public cloud providers (AWS Azure Google Cloud) with relevant certifications advantageous.
• Proficiency with Cloud Security Posture Management (CSPM) tools and cloud security assessment methodologies.