Description

• Provides independent review and challenge of cybersecurity and information security risk management activities.
• Assesses the adequacy of cyber security controls, including identity and access management, endpoint protection, and network security.
• Validates the design and execution of cybersecurity programs, initiatives, and remediation plans.
• Reviews post incident reports and lessons learned to ensure root causes are addressed and corrective actions are sustainable.
• Monitors risk trends, incidents, and key risk indicators, escalating concerns as appropriate.
• Serves as a key contributor to cyber and information security workgroups and risk committees. Leads periodic risk assessments focused on cyber and information security risks.
• Provides ongoing oversight of risk remediation plans and validate sustainability of corrective actions.
• Ensures policies align with industry standards and integrate into the broader Enterprise Risk Management framework.
• Recommends practical improvements to strengthen technology and information security controls.
• Identifies issues, presents findings and recommendations, emerging risks, and performance metrics to management, Enterprise Risk Management Committee and board-level reporting, as needed.
• Supports regulatory examinations and internal audits related to technology, cybersecurity, and information security practices.
• Partners with business units, Technology, Privacy, and Compliance, and promote a culture of accountability.
• Stays current on industry standards, regulations, and emerging risks related to technology, cybersecurity, and information security.
• Performs other duties and projects assigned.

• Bachelor’s Degree in Information Governance, Risk Management, Technology, Cybersecurity, or related field required, and a minimum of eight (8) + years of risk-related roles in the financial services industry.
• Minimum of seven (7) + years of experience in technology, cybersecurity, and information security, enterprise risk or information assurance.
• Three (3) years of experience working across the Line of Defense model. Prior involvement in second-line oversight, control testing, and monitoring strongly desired.
• Experience in mortgage lending, servicing, or financial services highly preferred.
• Deep understanding of cybersecurity frameworks/Standards (e.g., NIST CSF, ISO 27001, COBIT).
• Strong knowledge of applicable regulations and standards (e.g., GLBA, CCPA, CFPB, Fannie Mae/Freddie Mac guidelines, NYDFS).
• Professional certifications preferred: CISSP, CISM, CRIS, CISA.

• Aggressive compensation package based on experience and skill set.
• Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive.
• Work with other passionate, purposeful, and customer-centric people.
• Extensive internal growth and professional development opportunities including tuition reimbursement.
• Comprehensive benefits package including Medical/Dental/Vision.
• Wellness program to support both mental and physical health.
• Generous paid time off for both exempt and non-exempt positions.