DescriptionDescription - External As a Senior Risk Director within the Enterprise Technology & Security team you will lead our efforts to protect our organization from cyber threats. You will be responsible for developing and implementing a comprehensive cybersecurity risk management framework, overseeing the identification, assessment, mitigation, and reporting of cyber risks, and ensuring compliance with relevant regulations and standards. As a cybersecurity risk director, you will work closely with senior management, IT, legal, and business units to align cybersecurity risk strategies with business objectives, communicate cyber risk posture and exposure, and provide guidance and recommendations on cybersecurity best practices and solutions. You will also manage a team of cybersecurity risk professionals and foster a culture of cybersecurity awareness and resilience across the organization. Responsibilities include:
Lead and develop a dedicated team of risk managers and specialists for a consistent and effective support model.
Establish and lead a cybersecurity risk management process enabling senior management to continually identify, analyze, assess, and treat IT and cybersecurity-related risks. Translate cyber/technical IT risks into business risks and potential impacts.
Define key risk metrics, controls, and control tests to measure and assess current levels of cybersecurity risk.
Oversight and reporting of Risk Control Self Assessments, Targeted Risk Reviews, and issue management activities.
Providing day to day leadership to the business lines providing knowledge and expertise on the appropriate implementation of strategic plans, regulatory compliance, risk mitigation and industry standards.
Gaining visibility into detailed risk assessments and advises the business line on appropriate risk mitigation actions.
Advising on new processes / products, initiatives and strategies from a risk and control perspective; guiding the business lines through the various governance approvals related to new initiatives ensuring proper controls.
Acting as lead for exam for product / function under review and participating in all important interactions with the regulators.
Establishing and maintaining an effective business relationship with business partners, key project stakeholders, second and third lines of defense and subject matter experts to advise and support business initiatives.
Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters – we are open to remote employment within the United States for an experienced candidate.
Qualifications - External
Experience and Skills:
10 years of experience in Cybersecurity and/or Information Technology
10 years of Risk Management experience gained from working in financial services industry, preferably in Cybersecurity/ Technology Risk or Operational Risk
Experience working with cloud computing related technologies including IaaS/SaaS/PaaS, DevSecOps, web application technology, operating system, database, and networking.
Familiar with network security, vulnerability management, identity management, API security, infrastructure, data loss prevention, incident and problem management, change management, cryptography, cloud security, configuration management, and other key areas.
Experience in an organization that is under strong regulatory oversight and scrutiny.
Intermediate knowledge of internal controls and risk self-assessment
Basic knowledge of business areas processes and/or products and operations; regulatory requirements; and key processes, controls, and exposure areas
Understanding of FFIEC guidelines and handbooks, GLBA, SOX, PCI
Knowledge of industry recognized frameworks such as ISO 27001, Cobit, COSO, ITIL, NIST 800-53, NIST Cybersecurity Framework
Ability to analyze and synthesize many risk data points and help the business to prioritize mitigation.
Ability to effectively communicate with all levels of the organization.
Project management skills to support multiple assignments on behalf of various stakeholders.
Leadership, coaching and staff development experience.
Preferred Education and Certifications:
Bachelor’s Degree required; Master’s Degree preferred.
Relevant Certifications preferred.
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Cloud security specialty certification in AWS and Azure
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.Equal Employment OpportunityAt Citizens we value diversity, equity and inclusion, and treat everyone with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.Equal Employment and Opportunity EmployerCitizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.Why Work for UsAt Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth04/05/2024