What does a successful Cybersecurity & Technology Risk Officer (CTRO) do?
You will serve as a critical link between our business unit leadership and the broader enterprise Cybersecurity organization. In this role, you will champion cybersecurity awareness and risk mitigation, advise executive stakeholders, and ensure alignment of business objectives with enterprise security and technology standards, and regulatory expectations. Your focus will be on embedding cybersecurity principles into the strategic operations of the business, ensuring data protection, resiliency, regulatory compliance, and enabling secure innovation.
What you will do:
- Partner with CIOs, senior leadership, and technology stakeholders to assess and communicate cybersecurity risk in business terms, influence the prioritization of security investments, and drive remediation strategies that align with enterprise risk tolerance.
- Serve as the primary cybersecurity advisor to the business, interpreting enterprise policies and providing actionable guidance.
- Identify, assess, and document security risks across products, applications, and third-party relationships and collaborate with remediation owners to develop and track resolution plans based on risk severity and business impact.
- Deliver executive-level risk dashboards and metrics that provide transparency into the business’s security posture.
- Promote awareness of regulatory and industry obligations through targeted training, awareness campaigns, and proactive engagement.
- Ensure security risk and controls assessments are conducted at appropriate intervals with relevant depth based on evolving threats and business changes.
- Stay current with the threat landscape, regulatory developments, and best practices, and apply those insights to anticipate future risks and inform business-specific security planning.
- Guide technology teams in adopting enterprise cybersecurity tools, capabilities, and controls.
What you will need to have:
- 10+ years of progressive experience in Information Security, Cyber Risk, or Technology Risk roles.
- 5+ years of experience in the financial services or banking industry with working knowledge of relevant regulations (e.g., GLBA, FFIEC, PCI, SOX).
- Experience with cybersecurity governance frameworks (e.g., NIST CSF, ISO/IEC 27001) and enterprise risk management practices.
- Ability to operate with a sense of urgency in high-stakes, highly regulated environments.
- Strategic mindset with the ability to execute operationally.
- Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related discipline, and/or equivalent work experience.
What would be great to have:
- Certifications such as CISSP (Certified Information Systems Security Professional), CRISC, CISM, or other risk-related certifications.
Important info about this role:
- We’re better together! This role is fully on-site.
- This is a full-time, direct-hire position, and no contract options or unsolicited agency submissions will be considered.
- You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered for this role.
#LI-RM-1
R-10374250