Sr. Manager, IT & Security Risk
Job description
Key skills: IT Risk Management, Information Security Governance, Cybersecurity Frameworks (NIST/ISO 27001), Third-Party Risk Management, Regulatory Compliance, Financial Services Experience, Vendor Risk Assessments, Incident Response Oversight, KRIs & Reporting, Cross-Functional Leadership

Our growing client is seeking a Senior Manager, IT & Information Security Risk to lead enterprise-wide oversight of technology, cybersecurity, AI, and information security risk management initiatives. This individual will partner closely with executive leadership, enterprise risk teams, technology stakeholders, compliance, and third-party vendors to strengthen cyber resilience and ensure alignment with regulatory expectations and organizational risk appetite.

Responsibilities
- Lead second-line oversight for IT and Information Security risk governance across the enterprise.
- Evaluate and challenge the alignment of cybersecurity and IT strategies with business objectives, risk appetite, and regulatory expectations.
- Review and assess information technology and cybersecurity risk assessments across applications, infrastructure, cloud environments, and operational processes.
- Partner with technology and project teams on system implementations, architecture decisions, cybersecurity controls, and operational risk mitigation.
- Evaluate SaaS platforms, technology integrations, and emerging technologies for security and compliance risk exposure.
- Conduct third-party and vendor security risk assessments, including SOC 1/SOC 2 reviews, SIG questionnaires, penetration testing analysis, and remediation tracking.
- Provide oversight and risk guidance related to cybersecurity incidents, operational disruptions, and emerging technology threats.
- Collaborate with business units and technology teams to identify, document, monitor, and remediate risk findings.
- Oversee cybersecurity policies, procedures, governance standards, and incident response planning.
- Support enterprise cyber awareness initiatives, phishing simulations, tabletop exercises, and employee education programs.
- Monitor remediation efforts tied to IT and security findings to ensure timely resolution.
- Track cybersecurity and financial sector threat intelligence trends and communicate emerging risks to leadership.
- Develop and maintain KRIs, dashboards, metrics, and executive reporting for risk committees and senior leadership.
- Support a collaborative, inclusive, and high-performing risk culture across the organization.
Requirements
Screening questions:
- Do you have experience in supplier risk evaluation?
- Do you have a Bachelor's degree?

Qualifications
- 8-10+ years of experience in IT Risk, Information Security, Cybersecurity Risk Management, or related disciplines.
- Prior experience within financial services, banking, fintech, payments, or regulated industries strongly preferred.
- Strong understanding of cybersecurity and governance frameworks including NIST CSF, NIST 800-53, ISO 27001, and CIS Controls.
- Experience conducting third-party/vendor risk assessments and evaluating SOC reports.
- Strong knowledge of regulatory expectations related to cybersecurity and operational risk.
- Ability to communicate technical risk concepts clearly to executive leadership and business stakeholders.
- Experience supporting incident response oversight and operational resilience initiatives.
- Strong analytical, documentation, and problem-solving skills.
- Experience with reporting tools such as Power BI, Tableau, or Python is preferred.
- Bachelor's degree in Cybersecurity, Information Security, Risk Management, Information Technology, or related field preferred.
- Industry certifications such as CISSP, CISM, CRISC, CGEIT, or Security+ preferred.
- Must be authorized to work in the United States.