Director Technology Risk Governance

---

Job description

Overview:
As Director for Cyber Risk Assessments in First Citizens Bank's Enterprise Cyber Security Office Governance Risk and Compliance team (ECSO GRC) you will execute high-priority enterprise-level cyber initiatives, influence across the organization, and drive the implementation of our cyber risk assessment strategy. Specifically, in this position, you will develop and execute the Cyber Risk Assessment program methodology. You will collaborate closely with associates and Senior Executives across all lines of defense, lines of business, and other risk management teams to perform and support the work related to further maturing risk management practices. This includes leading and implementing risk management tools and frameworks for the organization and managing a sustainable and mature process to identify, assess, mitigate, and monitor cyber risk in the enterprise. This role will be responsible for big picture thinking, strategic direction, and partnering across teams to develop and support best-in-class industry risk solutions in a manner that supports innovation and protects our customers, shareholders, and associates. Your contributions will drive organizational change through risk identification, measurement, analysis, and reporting in order to better manage the company's cyber risk in an open and collaborative environment.

Responsibilities:
Cyber Risk Assessment Program- Identify and develop the cyber risk assessment program inclusive of a cyber risk assessment methodology to enhance the assessment process in accordance with industry best practice. Develop Cyber risk aggregation methodology that is leveraged across the Enterprise Cyber security office program.

Targeted Risk Assessment Program- Identify and implement the targeted risk assessment program based on industry standards and best practices related to cyber risk management and aligned with First Citizens Bank's strategic risk direction.

Program Oversight - Manage GRC capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Build strong partnerships with industry peers, government agencies, and risk management communities. Define processes, standards, and procedures being utilized by your team. Drive continuous improvement of program capabilities by designing and implementing new security products, services, and technologies. Lead the development and reporting of GRC-owned metrics to executive leadership.

Managerial Functions - Establish and monitor expectations to achieve company and departmental goals. Make appropriate changes to team policies, standards, procedures, and efficiencies in order to meet objectives. Manage the performance, training, and evaluation of assigned staff. Maximize department achievements by providing professional development.

Qualifications:
Qualifications:

Bachelor's Degree and 10 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 14 years of experience in Information Technology Security, Operations, Risk Management, or Audit

At least 7 years of experience in Cybersecurity, Technology, Risk Management, or External Audit

At least 7 years of experience planning and leading IT audits and risk assessments

At least 4 years of project or process management experience

At least 4 years of People Management experience

At least 2 years of experience working in an Agile environment

Preferred Qualifications:

10+ years of experience in Cybersecurity, Technology, Risk Management or External Audit, or a combination of these areas

8+ years of experience in performing information security or technology risk identifications and assessments, such as Control Self Assessments (CSAs), or completing assessments against established industry risk frameworks

8+ years of experience performing data analysis in support of internal risk assessments and control reviews

5+ years of experience performing data analysis in support of cybersecurity assessments and control design in a cloud environment (AWS)

5 +years of project management experience leading cross functional projects and programs

3+ years of Financial Services industry experience, including familiarity with regulatory practices

Cybersecurity and technology risk and/or project management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), AWS Security certification, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Project Management Professional (PMP) Certification, or Masters Certificate of Project Management (CPM) or related certifications

Excellent verbal presentation and written communication skills to confidently interact at all levels of the organization (e.g., technology and cyber organizations, enterprise business stakeholders, and executive leadership)

Excellent problem-solving, analytical, and critical thinking skills to effectively respond to shifting priorities, demands and timelines

Ability to set direction, manage expectations, and lead cross-functional teams

1+ years of consulting experience with a Big 4 firm

First Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here: (url removed).

<!– job description page –>