Lead, Cybersecurity/IT Control Design and Monitoring
Lead, Cybersecurity/IT Control Design and Monitoring (First Line)

Position Summary

Do you want to be part of a collaborative team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise?

As the Lead, Cybersecurity/IT Control Design and Monitoring, you will help oversee that the appropriate controls are designed and monitored to ensure compliance with policies. You will partner across Cybersecurity, Technology, Risk Management, and Internal Audit to design controls, instrument and automate control monitoring, evaluate control performance through data-driven assurance, and drive timely remediation of control gaps. In partnership with 2nd line and control owners, this role helps to manage risk exposure and maintain alignment with policies and internal standards.

You are

- Passionate about cybersecurity, control design and IT control and risk management
- Curious about relevant technology risks (emerging technology, current events, etc.)
- Driven to accelerate impact and lead change
- Detail and analytically oriented
- Flexible and resourceful in managing multiple priorities
- An excellent communicator with the ability to explain security concepts in simple, business relevant terms
- Able to effectively collaborate within your own team and across the organization

You have

- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Technology Risk Management, or a related field (or equivalent experience)
- 5+ years of experience in cybersecurity, architecture, IT risk, technology audit
- Strong stakeholder management and communication skills; ability to translate technical control results into business risk
- Experience defining control objectives to address risks, designing controls, identifying residual risks, designing assurance approaches (manual and automated), and identifying corrective actions that address root cause
- Working knowledge of security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, COBIT, SOC 2, NYDFS 500, etc.) and experience mapping controls across frameworks
- Experience producing management-ready artifacts and facilitating governance forums
- Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls
- Understanding of AI/ML security and governance considerations (e.g., data protection, model risk, third-party AI, secure use/monitoring) is a plus
- Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns
- Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP)

You will

Security/Technology Control Design

- Engage in new projects (Tech Governance process) to ensure the appropriate controls are designed and implemented to meet policies, including as appropriate those related to Key Financial Systems (KFS)
- Partner with internal audit Model Audit Rule team and risk team to ensure design is appropriate
- Perform initial validation of designed controls to ensure they are designed and operating effectively prior to go-live

Cyber Control Monitoring & Self-Assessment

- Help lead the design, execution, and continuous improvement of the first line information security continuous control monitoring program
- In partnership with 2nd line, maintain a prioritized control inventory and define control objectives, owners, evidence sources, testing frequency, and monitoring methods
- Identify coverage gaps, control weaknesses, and emerging risks through ongoing monitoring, drive changes to the 1st line monitoring program based on findings, and escalate to risk for issue management, remediation oversight, and risk trending
- Oversee control testing and monitoring cycles (manual and automated), including data quality checks, sampling standards, and alignment to internal frameworks
- Partner with control owners to instrument monitoring, improve known issues and risks, reduce manual evidence collection, and improve control reliability through automation
- Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through

Audit & Assessments

- Coordinate with 2nd line liaison to ensure timely, accurate, quality and consistent responses to audit/regulatory requests and findings across D&T. Determine if any findings are pervasive across other applications, platforms etc. and identify opportunities for further investigation
- Support audit and regulatory assessments by ensuring 1st line evidence, documentation, and control artifacts are current and readily available

Risk Remediation

- Assist D&T control owners in designing remediation plans that address root-cause correction, appropriate compensating controls, and achieve measurable risk reduction
- Validate effectiveness of remediation actions identified through the 1st lin