What are the responsibilities and job description for the Cyber Regulatory CRI Profile Program Manager position at Amtex System Inc.?
Amtex Systems Inc is an information technology and talent solutions company offering talent and BI consulting to the companies in US for over 25 years.
Our solutions are designed to fill resource gaps, by providing the right candidates who deliver value to the organization. Our propensity to nurture and build strong relationships with our clients helps us better understand their business demands and gives us the ability to provide services that are on time and rise above the rest.
Cyber Regulatory CRI Profile Program Manager
Duration: Long Term
Location: Must be based in Buffalo, NY, 1-2 days from the office
Role Description
• Broad understanding of cybersecurity across Security Operations, engineering, technology, controls, and tooling, with the ability to translate technical topics into clear regulatory and executive-level messaging.
• Strong knowledge of IT (preferably cybersecurity) governance, risk management, and compliance, including experience assessing cyber regulatory compliance and supporting regulatory exams and inquiries.
• Demonstrated program management capability, with end-to-end ownership of time-bound, non-discretionary regulatory deliverables (e.g., CRI Profile assessment, GLBA reporting, NYDFS attestation support), including planning, execution, quality control, and submission readiness.
• Proven ability to develop and maintain repeatable, auditable operating models by documenting processes and building program artifacts (procedures, templates, guidance, training materials, trackers, and evidence repositories).
• Ability to analyze and interpret cybersecurity risk and control metrics (KPI/KRI/KCI), identify data discrepancies, drive root-cause analysis with stakeholders, and track remediation actions through to closure.
• Strong stakeholder management skills, including the ability to coordinate across 1LOD, 2LOD, CCO Tech, Group Cybersecurity, technology teams, control owners, and non-US ITSOs to deliver outcomes on schedule.
Qualifications
• Bachelor’s Degree in relevant discipline (e.g., IT/Risk) or equivalent work experience.
• One or more industry certifications (e.g., CISSP, CISA, CISM) preferred.
• Strong, demonstrated program management experience, including end-to-end ownership of time-bound regulatory deliverables (e.g., FFIEC CAT/CRI Profile–type assessments and GLBA reporting), including planning, execution, quality control, and submission readiness.
• Prior experience with US Financial Services regulatory (OCC, FRB) engagement, experience in dealing with compliance matters, and regulatory liaison is preferred; knowledge of US Financial Services regulatory requirements is required.
• Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
• Ability to efficiently operate and analyze large data sets in Excel; proficiency with Microsoft tools (Word, Excel, PowerPoint, SharePoint, Power BI, Teams).
• Comprehensive understanding of banking and cybersecurity in the context of wider industry trends and direction.
• Strong written and verbal communication skills, including the ability to translate technical subject matter for non-technical audiences, with excellent attention to detail.
Key Responsibilities
• Leads delivery of mandatory United States cybersecurity regulatory programs and submissions, including planning, execution, quality control, and readiness for submission.
• Coordinates and delivers the annual report required under the Gramm-Leach-Bliley Act for the Board of Directors, including managing inputs from many stakeholders and ensuring consistent quality year over year.
• Supports regulatory engagement and examinations by coordinating responses, gathering evidence, and ensuring materials are complete, accurate, and suitable for regulators and senior leadership.
• Builds and maintains repeatable, auditable ways of working by documenting processes and maintaining templates, guidance, training materials, trackers, and centralized evidence repositories.
• Produces clear, well-evidenced reporting and briefing materials for senior management, the Board of Directors, and regulators on cybersecurity risk, compliance status, and program outcomes.
• Reviews cybersecurity risk and control performance metrics, identifies data issues, drives root-cause analysis with stakeholders, and tracks remediation actions through closure.
• Prepares materials and action tracking for recurring regulatory governance routines, including meeting packs, follow-ups, and escalation of delivery risks and dependencies.
• Maintains the annual New York State cybersecurity attestation support process, including evidence coordination and leadership briefing materials to enable confident sign-off.
• Drives remediation governance for United States cybersecurity control gaps by obtaining remediation plans from control owners, tracking progress, and coordinating closure.
• Provides governance oversight for the United States cyber service sustainability forum by reviewing remediation plans, ensuring non-compliance is escalated for business decision, and flagging funding risks that could impact service sustainability.
• Represents United States cybersecurity in application security governance forums and acts as the point person for issue resolution and follow-through.
• Leads through influence across cybersecurity, technology, risk, and controls teams, including coordinating the work of others when needed to meet fixed regulatory deadlines.
Regards,
Puneet.