DESCRIPTION:

Duties: Responsible for leading the identification, monitoring, testing, evaluation, and governance of cybersecurity processes and controls for the company. Manage a team of technology and cybersecurity risk professionals in event reviews, risk assessments, and monitoring and evaluation activities of cybersecurity controls in the Firm’s technology environments, inclusive of third-party/outsourced environments. Define messaging and represent the Firmwide Technology and Cybersecurity Operational Risk function to senior management and regulators, providing escalation of material risks and advisory guidance and best practice across the Cybersecurity discipline to internal and external stakeholders. Lead design review efforts for enhancement of enterprise controls, advise on Cybersecurity risk reduction, assess Cybersecurity control efficacy, and evaluate metrics for completeness, effectiveness, and suitability. Ensure the ongoing monitoring and evaluation of Key Risk Indicators and raise breaches of thresholds to support the creation or uplift of mitigating controls to reduce or eliminate future breaches. Manage deep dive inspections of technologies in targeted processes or firmwide activities to ensure proper risk management practices are being followed. Perform risk assessments on company’s technology portfolio estate to understand the impact of internal and external Cybersecurity threats and vulnerabilities. Coordinate and facilitate the definition of the risk position on new technologies, and coordinate with technology principals on the related evolving risks. Partner with appropriate technology areas to identify potentially-elevated risk concentrations globally, and perform assessments of the corresponding inherent risks and mitigating controls. Recommend adjustments to current technology risk management practices required to meet company policy, regulatory requirements, and industry best practices. Develop and perform ongoing analysis of operational risk loss, near miss, and external events. Act as Cybersecurity Subject Matter Expert (SME) in key portfolio governance forums, control committees, and regulatory meetings.

QUALIFICATIONS:

Minimum education and experience required: Master’s degree in any field of study plus 7 years of experience in the job offered or as Tech Op Risk Management Director, Cyber Operational Risk Director, Principal Architect – Segmentation and Cloud, Principal Enterprise Security Architect, Cybersecurity Domain Architect, Solutions Architect/Engineer, or related occupation. The employer will alternatively accept a Bachelor’s degree in any field of study plus 10 years of experience in the job offered or as Tech Op Risk Management Director, Cyber Operational Risk Director, Principal Architect – Segmentation and Cloud, Principal Enterprise Security Architect, Cybersecurity Domain Architect, Solutions Architect/Engineer, or related occupation.

Skills Required: Requires seven (7) years of experience in the following: Security Architecture; Financial Services; Security Operations; Security Monitoring; Security Incident Response; Cyber Forensics; Vulnerability Management; Desktop and Server Security; Network Security; Perimeter Security; Data Security; Cloud and Third Party Security; and working with regulators.

Job Location: 237 Park Avenue, New York, NY 10017. Telecommuting permitted up to 40% per week.

Full-Time. Salary: $285,000.00-$299,000.00 per year.