Cybersecurity Program Strategist - Assessments and Remediation

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

• Partner closely with lines of business and internal IT teams to thoughtfully evaluate initiatives, releases, and projects, ensuring technical and cybersecurity requirements are clearly understood and aligned to business objectives.
• Serve as a trusted advisor by researching and translating business needs into practical, risk-aware technical solutions through collaboration with internal delivery and application teams, solution providers, and subject matter experts.
• Clearly communicate and document findings, recommended solutions, impact analysis, and associated risks in a manner tailored for senior leadership and C-Suite audiences.
• Lead issue management and remediation efforts within Archer, ensuring issues are accurately documented, ownership is clear, and remediation plans are actionable, measurable, and effectively tracked through resolution.
• Document cybersecurity findings and remediation strategies with executive-level clarity, balancing technical accuracy with business context to support informed decision-making.
• Oversee and perform qualitative and quantitative analysis to help guide program strategy and inform both near-term execution and longer-term planning.
• Provide informed recommendations on cybersecurity projects and initiatives, incorporating an understanding of the Technology Delivery Lifecycle/Software Delivery Lifecycle (TDLC/SDLC) frameworks and how security controls are integrated throughout the lifecycle.
• Demonstrate working knowledge of foundational cybersecurity controls and practices, such as SAST, DAST, penetration testing, identity and access management (IAM), and related risk-reduction techniques.
• Consult with business leaders to help design, refine, and mature processes and procedures that strengthen security, resilience, and regulatory alignment.
• Maintain awareness of enterprise technology, infrastructure, standards, and strategic direction, leveraging this understanding to guide partners toward secure, scalable solutions that support overall business goals.

What Success Looks Like in the First 6-12 Months

• Actively engages with lines of business and security teams to understand initiatives in-flight and directly support projects with clear, actionable cybersecurity guidance.
• Takes ownership of issue management within Archer, including drafting findings, coordinating with control owners, defining remediation actions, and following up to drive timely issue closure.
• Personally develops and maintains clear, well-structured findings and remediation documentation that can be used both operationally and in executive-level readouts with minimal rework.
• Participates hands-on in reviews of business application requests and releases., applying an understanding of TDLC/SDLC processes to identify gaps, risks, and improvement opportunities early in the lifecycle.
• Actively reviews and evaluates cybersecurity controls and assessment outputs such as SAST, DAST, penetration testing, and IAM findings, helping teams interpret results and prioritize remediation efforts.
• Performs detailed analysis to support cybersecurity initiatives, turning assessment results, metrics, and trend data into practical recommendations that improve execution and risk reduction.
• Works directly with business and technology partners to clarify expectations, refine processes, and close gaps in procedures, rather than relying solely on escalation paths.
• Builds credibility through consistent follow-through, responsiveness, and the ability to balance risk management expectations with real-world delivery constraints.

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor's degree in business administration, technology related field or equivalent education and related training
• Five years of demonstrated progressive experience in Cybersecurity experience
• Foundational knowledge of cybersecurity terms, concepts, disciplines and frameworks, * Knowledge of financial services industry and all applicable regulations and industry standards
• Cyber security certifications such a Security +, CISA, CEH are a plus
• Basic familiarity with GitLab SaaS and CI/CD pipelines, including an understanding of how security controls and testing activities integrate into the software delivery lifecycle.
• Advanced familiarity with Archer (preferred), ServiceNow (preferred), IBM OpenPages or other Governance Risk and Compliance (GRC) platform, Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Availability

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.

Travel

Minimal and up to 10%