Open Systems Technologies
Director, Cyber & Information Security Risk
Open Systems Technologies, New York, NY
A financial firm is looking for a Director, Cyber & Information Security Risk to join their team in New York, NY.

Compensation: $220-280k

Responsibilities:
- Provide independent, proactive oversight and challenge of cybersecurity and information security risk management at the firm through execution of risk framework elements and embedded monitoring of key cyber/information security programs
- Assess and report cybersecurity and information security risk profile based on quantitative and qualitative risk measures and including assessment of effectiveness of planned remediation/mitigation of excess risk exposure
- Regulatory engagement, including regular supervisory meetings, exams, and sustainable remediation of findings
- Develop and maintain cybersecurity and information security risk management framework, second line of defense standards and guidelines, in alignment with the firm's Risk Governance Framework
- Talent management functions including: employment, performance evaluations, staff development/training, disciplinary actions, succession planning and ensuring all staff comply with compliance requirements
- Analyzes and resolves problems pertaining to differing views of risks/controls and due diligence relating to third parties

Qualifications:

Required
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity or relevant field
- 15 years in Information Technology, Information Security, Cybersecurity risk management or related role
- Proven experience in senior leadership position in relevant domain, including strategically influencing senior management and key stakeholders
- 8-10 years' experience managing high performing teams
- 5 years' experience of large bank regulatory oversight
- Strong knowledge of cybersecurity frameworks, standards and regulations
- Expert knowledge in identification, measurement, monitoring and mitigating cyber and information security risks
- Demonstrated ability to provide outcome-based risk oversight and challenge to first line risk management
- Strong knowledge of non-financial risk frameworks
- Excellent verbal and written communication skills
- Strong analytical, troubleshooting, and root cause determination skills
- Strong ability to build consensus across diverse teams with competing agendas
- Ability to supervise, train, and motivate staff

Preferred
- Industry certifications such as Certified Information Systems Security Professional ("CISSP"), Certified Information Security Manager ("CISM"), Certified Risk and Information Systems Control ("CRISC") a plus but not required
- Expertise in Gramm-Leach-Bliley Act (GLBA) requirements and effective GLBA program execution
- Financial industry experience