Overview

This is a remote role that may be hired in several markets across the United States.

This role will work with a team of First Line Risk Management associates responsible for working across Cyber, Information Technology, and the lines of businesses to guard against cyber threats. They will develop and implement cutting edge risk solutions to ensure the continued stability and success of the Bank and protect its reputation. The Cyber Risk Consultant will partner with Cyber Senior Leadership and their teams to identify risks in an open, collaborative environment where new ideas and solutions are both welcomed and rewarded. Responsible for providing advice, guidance, and effective challenge on potential issues or risks related to their risk management, governance, and oversight processes. Consult on the design and implementation of appropriate controls to mitigate risks to an acceptable level. In addition, will manage key risk activities and work with stakeholders on new and changing risk programs. The Cyber Risk Consultant will serve as a "Trusted Advisor" to customers and stakeholders to identify, assess, and mitigate cyber risks, ensuring the organization's resilience and compliance with relevant regulations.

• Risk Oversight & Monitoring - Provides objective oversight of risks through effective challenge using defined methodologies and subject matter expertise. Provides leadership, consultation, and support for risk management. Fosters business unit relationships and implements training to promote engagement in risk management programs, including compliance with all risk policies and standards. May assist with presentations, workshops, and other materials as necessary to communicate risk management tactics. May provide guidance to less experienced associates in the department.
• Risk Management Proficiency - Maintains a strong knowledge of risk management developments or changes within the organization, industry, and market. Develops active relationships within professional networks to stay current on emerging issues and regulatory requirements. Communicates risk vision and regulatory requirements to applicable stakeholders, including less experienced associates in the work group. Able to quantify risk by assessing the potential financial and operational impacts of cyber incidents. This position should also be able to make informed decisions based on risk assessments and data analysis.
• Business Support - Provides support for business programs, initiatives, and leaders. Serves as a consultant on risk best practices, processes, and regulatory requirements. Facilitates reporting and interdepartmental collaboration. Partner with IT to identify and solve complex cybersecurity problems. Collaborate with IT and the various lines of businesses to develop long-term strategies to mitigate cyber risks. Effectively communicate complex technical information to both technical and non-technical stakeholders. Stays abreast of emerging technologies such as cloud computing, IoT, and artificial intelligence to understand their associated risks and impacts to the business and develops appropriate mitigation strategies.

• Knowledge of risk management techniques and practices
• Ability to work effectively with associates, managers, senior executives, and committees.
• Knowledge of regulatory compliance pertaining to enterprise risk and operational risk (e.g., GLBA, SOX, PCI DSS)
• Experience with cloud security and data privacy regulations
  Familiarity with risk management frameworks (e.g., NIST Cybersecurity Framework, ISO 27001)
• Understanding of various cybersecurity threats, vulnerabilities, and attack vectors
• Basic understanding of IT infrastructure, networks, and applications
• Basic understanding of cyber security controls, countermeasures, and techniques (e.g., threat modeling, DLP, firewalls, SAST/DAST/SCA, EDR)