Principal Engineer I, Cyber - IT Security Governance
External | Full-time | On-site | 2w ago
Compliance, Documentation, Information Security, PowerShell, Python, Risk Management
Responsibilities
- Serve as a subject‑matter expert for cyber risk management, providing guidance on control effectiveness, risk treatment, and residual risk decisions.
- Drive execution of cybersecurity Risk & Control Self‑Assessments (RCSAs), ensuring alignment to ERM standards and regulatory expectations.
- Own and manage CRI Profile assessments, maturity scoring, evidence standards, and remediation tracking. Partner with technology, security, and risk teams to drive improved and sustained maturity gains.
- Maintain traceability between risks, controls, assessment results, and remediation activities.
- Lead the development, maintenance, and rationalization of cybersecurity policies, standards, and procedures in alignment with industry best practices (e.g., GLBA, FFIEC, NIST).
- Design, document, and maintain cyber risk statements, control descriptions, and control narratives suitable for audits and regulatory exams.
- Support internal audits, regulatory exams, and second line credible challenge through structured responses, evidence packaging, and issue management.
- Track and report on control performance, risk posture, and remediation progress using defined metrics and governance forums.
- Manage complex projects requiring coordination across IT, Information Security, ERM, Privacy, and Audit.
- Act as a trusted advisor to senior leaders on risk posture, maturity trends, and program health.
- Produce clear, executive‑ready artifacts including risk summaries, maturity dashboards, remediation roadmaps, and briefing materials.
- Develop and maintain automation solutions (e.g., scripting, workflow tools, AI-assisted processes) to improve efficiency of risk assessments, control testing, and evidence collection.
- Enable data-driven insights and reporting through engineering-oriented solutions (e.g., dashboards, metrics automation, control monitoring).
- Drive integration of AI and automation into RCSA, CRI assessments, and risk reporting processes to improve scalability, consistency, and accuracy.
Requirements
- 8+ years of related experience in Cybersecurity, Information Security Governance, IT Risk, or Enterprise Risk Management.
- Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Risk Management, or a related field. Master's or MBA in a related field preferred.
- Advanced to expert experience with:
  - Cyber Risk Management frameworks (NIST CSF, CRI Profile, FFIEC, ISO 27001 principles).
  - RCSAs, risk identification, control design, and residual risk assessment.
  - Policy, standard, and procedure lifecycle management.
  - Regulatory and audit engagement support in a financial services environment.
- Strong ability to translate complex technical and regulatory concepts into clear, defensible documentation.
- Proven experience managing cross-functional initiatives with competing priorities.
- Expert speaking and writing communication skills.
- Demonstrated experience leveraging or governing AI/ML, automation, or advanced analytics within cybersecurity, risk, or compliance domains preferred.
- Strong understanding of data architectures, data flows, and system integrations, with the ability to assess associated cyber and privacy risks preferred.
- Familiarity with emerging regulatory expectations related to AI, model risk, and data usage in financial services preferred.
- Working knowledge of software engineering or scripting practices (e.g., Python, PowerShell, automation workflows) to support sc
Benefits
Health insurance
Additional Information
Job Title: Principal Engineer I, Cyber - IT Security Governance
Location: CityScape