What are the responsibilities and job description for the Director Information Security Risk Management position at Hamlyn Williams?
The team is looking for a Director of Information Security Risk Management to oversee and enhance the firm's Enterprise and Operational Risk Management frameworks. Acting as a trusted advisor, this role will provide independent oversight, review, and credible challenge of information security risk processes, ensuring the effectiveness of controls and risk mitigation strategies across the organization. This is a hybrid role, on site two days a week in either North Jersey or NYC.
This individual will work closely with enterprise-wide Information Security teams and corporate departments to proactively identify, assess, and manage information security risks.
Key Responsibilities
- Risk Culture: Support the CRO and Head of Enterprise & Operational Risk Management in fostering a culture of engagement, accountability, and teamwork.
- Risk Assessments: Collaborate with the InfoSec teams to guide and strengthen risk assessments in response to evolving threats.
- Process Improvements: Identify opportunities to mitigate recurring incidents through process evaluation and improvement initiatives.
- Operational Risk Framework: Enhance the application of the Operational Risk Management framework to better manage information security risk.
Operational Responsibilities
- Risk Oversight:
  - Conduct reviews and credible challenges of security risk profiles, control testing, event management, and reporting.
  - Guide business units in assessing and managing risk ownership and controls.
  - Monitor risk mitigation actions and validate closure evidence.
  - Perform thematic reviews of operational risk events to prevent recurrence.
  - Regularly assess key risk indicators and their alignment with risk appetite.
- Governance & Advisory:
  - Provide expert insights on cybersecurity and technology risk trends to stakeholders.
  - Actively participate in governance committees and forums to align risk appetite with business objectives.
  - Maintain and oversee policies, standards, and procedures related to information security.
Qualifications & Experience
- 10 years of experience in information security governance, operations, and risk management.
- Extensive experience managing security risks in highly regulated, global transaction environments (financial services experience highly preferred).
- Expertise in designing and managing Operational Risk programs in compliance with Basel and industry best practices.
- Strong knowledge of policy frameworks, risk structures, and governance best practices.
- Hands-on expertise working with the following:
  - Cyber resilience
  - IAM/PAM
  - Secure coding practices
  - Incident response
  - AI
  - TPRM
  - Cloud security configuration & controls
  - Threat/vulnerability management
  - Network security
Preferred Certifications & Technical Skills
- Education: B.S. in Computer Science, Cybersecurity, Information Management, or a related field.
- Certifications: CISSP, CISM, CISA, CRISC (preferred).
Salary: $180,000 - $225,000