Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
Leadership @ 4
Communication @ 4
Reporting @ 4
Audit @ 4
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
We’re seeking an Information Security Risk Oversight Lead to translate cybersecurity risk into executive insight and action. Sitting in the Company’s Second Line of Defense, reporting to the Head of Technology Risk, you will provide independent oversight and credible challenge across the firm’s enterprise-wide information security program. You will partner with the Chief Information Security Office, Engineering, and CTO teams to ensure cyber risks are identified, measured, monitored, and aligned with the firm’s risk appetite. Your oversight will enable leadership to understand what the risks are, whether they are being managed effectively, and where decisive action is required to strengthen the firm’s security posture.
Responsibilities
- Serve as the primary Second Line risk advisor for cybersecurity-related risks and lead independent oversight and credible challenge of First Line of Defense activities.
- Identify and measure threat-actor initiated risks and risk scenarios that may impact the confidentiality, integrity, and availability of information systems.
- Evaluate the design and operating effectiveness of security controls, particularly across complex, high-risk, or enterprise-scale technology initiatives.
- Quantify risk and control posture to support executive decision-making through scenario analysis and metrics (e.g., KRIs, KPIs, SLA/SLOs, ALE).
- Review and challenge security-driven programs and initiatives to ensure alignment with enterprise risk appetite, industry control frameworks, and regulatory expectations.
- Partner closely with Information Security and Engineering teams to enhance risk awareness, accountability, and control ownership.
- Identify root causes of control failures, security incidents, or systemic weaknesses and support the development of actionable, preventative recommendations.
- Prepare and present risk oversight materials to senior leadership committees, internal audit, Board of Directors, and regulatory bodies as required.
- Act as a strategic thought partner to senior leaders by advising on emerging threats, evolving regulatory requirements, and industry best practices.
Requirements
- Bachelor’s Degree required.
- 10+ years of experience in Information Security.
- 10+ years of experience in IT or Cyber Risk Management.
- Demonstrated experience operating within a Second Line of Defense or independent risk oversight function.
- Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, NIST 800-53, MITRE ATT&CK, ISO 27001, COBIT, CIS).
- Experience interacting with Boards, regulators, internal audit, and/or executive governance forums.
- Authorized to work in the United States.
Preferred Qualifications
- Relevant professional certifications (e.g., FAIR, CISSP, CISM, CRISC, CISA).
- Experience in regulated industries (e.g., financial services).
- Strong understanding of cloud security, application security, identity and access management, and cyber resilience.
- Familiarity with enterprise risk management methodologies and risk appetite frameworks.
Core Competencies
- Strong analytical and critical thinking skills with the ability to provide constructive challenge.
- Executive-level communication and presentation skills.
- Ability to influence without direct authority.
- Strategic mindset with strong attention to detail.
- High integrity and independent judgment.
Compensation & Benefits
- Salary Range: 215,000 - 290,000 USD Annual + Benefits + Bonus.
- Benefits may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability, 401(k) with match, life insurance, and wellness programs. The Company does not provide benefits directly to contingent workers/contractors and interns.