Responsibilities Include:
- Partner with the global Risk team to help build and maintain the Cybersecurity & Technology Risk Management Framework.
- Lead cyber threat and technology risk assessments across enterprise systems and applications, including cloud platforms and third-party environments.
- Identify and quantify threat-driven risk scenarios using MITRE ATT&CK, develop risk scoring, and communicate remediation priorities to senior stakeholders.
- Collaborate with the CISO organization, technology teams, business partners, and all three lines of defense to enhance control design, compliance, and resilience against emerging threats.
- Partner with CSIRT to support timely monitoring, detection, and response, incorporating incident learnings into ongoing risk assessments and control enhancements.
- Support adherence to cyber risk regulations and standards (e.g., FFIEC, OSFI, NIST) and contribute to internal/external audit readiness.
Qualifications:
- Bachelor’s degree (Computer Science / Engineering preferred) and 5+ years of experience in information security and/or technology risk roles within a complex environment.
- Strong experience conducting cyber threat and risk assessments for enterprise systems and applications, including cloud security and cloud services.
- Familiarity with key frameworks and regulatory guidance: MITRE ATT&CK, NIST, FFIEC, OSFI (ISO knowledge a plus).
- Background in risk assessment, audit, or second-line oversight (“effective challenge”), ideally within financial services.
- Excellent written and verbal communication skills, with the ability to translate technical findings into clear business impact and present to leadership.
- Relevant certifications preferred: CISSP, CCSP, CISM, CEH (CISA a plus).
Pay: $50/hr-$60/hr
