Program Manager (US Cyber Regulatory CRI) - New York/ New Jersey/ Illinois - (Hybrid 1 day/month)

Role: Program Manager (US Cyber Regulatory CRI)

Duration: 12 Months
Location: New York City, NY Or Jersey City NJ Or Chicago, IL Or Buffalo NY

Note: Candidate needs to visit one of the locations once a month

Job description:

Role Summary

The Americas Cybersecurity Governance Risk and Compliance GRC Senior Support Specialist is responsible for leading and delivering key US cyber regulatory governance and reporting obligations ensuring the organization maintains compliance with applicable cybersecurity regulations and effectively manages cyber risk The role supports the Americas Cybersecurity GRC Lead and US CISO by owning endtoend execution of timebound regulatory programs and submissions producing regulatorready artifacts and maintaining repeatable auditable processes

The role provides oversight and effective challenge of the regional cybersecurity risk profile risk appetite metrics and control effectiveness and drives remediation followup when metrics indicate noncompliance or risk appetite breaches Working in partnership with Group Cybersecurity teams the broader GRC Regulatory Compliance teams technology and control owners including non US IT Service Owners and the regional Chief Controls Office the role coordinates regulatory deliverables such as the CRI Profile assessment GLBA reporting NYDFS attestation support bimonthly regulatory meeting materials and ad hoc regulatory requests ensuring high quality outcomes and operational resilience across US Cyber governance forums

Role Description

• Broad understanding of cybersecurity across Security Operations engineering technology controls and tooling with the ability to translate technical topics into clear regulatory and executive level messaging
• Strong knowledge of IT preferably cybersecurity governance risk management and compliance including experience assessing cyber regulatory compliance and supporting regulatory exams and inquiries
• Demonstrated program management capability with end to end ownership of timebound nondiscretionary regulatory deliverables eg CRI Profile assessment GLBA reporting NYDFS attestation support including planning execution quality control and submission readiness
• Proven ability to develop and maintain repeatable auditable operating models by documenting processes and building program artifacts procedures templates guidance training materials trackers and evidence repositories
• Ability to analyze and interpret cybersecurity risk and control metrics KPIKRIKCI identify data discrepancies drive root cause analysis with stakeholders and track remediation actions through to closure
• Strong stakeholder management skills including the ability to coordinate across 1LOD 2LOD CCO Tech Group Cybersecurity technology teams control owners and non US ITSOs to deliver outcomes on schedule
• Excellent written and verbal communication skills with the ability to produce clear concise wellevidenced materials fit for senior management the Board of Directors and regulatory bodies
• Ability to lead through influence prioritize effectively across competing deadlines and coordinate the tasking of others including contractors or virtual team resources when required
• Ability to provide responsive support for ad hoc regulatory requests including rapid evidence gathering and issue resolution with appropriate sensitivity to the US regulatory environment
• Proficiency with Microsoft tools Word Excel PowerPoint SharePoint Power BI Teams and collaboration platforms eg Confluence to manage workspaces reporting and regulatory artifacts
• Strong attention to detail and a continuous improvement mindset proactively identifying opportunities to reduce cycle time stakeholder friction and execution risk year over year

Qualifications

• Bachelors Degree in relevant discipline eg ITRisk or equivalent work experience
• One or more industry certifications eg CISSP CISA CISM preferred
• Strong demonstrated program management experience including endtoend ownership of timebound regulatory deliverables eg FFIEC CATCRI Profiletype assessments and GLBA reporting including planning execution quality control and submission readiness
• Prior experience with US Financial Services regulatory OCC FRB engagement experience in dealing with compliance matters and regulatory liaison is preferred knowledge of US Financial Services regulatory requirements is required
• Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders
• Ability to efficiently operate and analyze large data sets in Excel proficiency with Microsoft tools Word Excel PowerPoint SharePoint Power BI Teams
• Comprehensive understanding of banking and cybersecurity in the context of wider industry trends and direction
• Strong written and verbal communication skills including the ability to translate technical subject matter for nontechnical audiences with excellent attention to detail

Key Responsibilities

• Leads delivery of mandatory United States cybersecurity regulatory programs and submissions including planning execution quality control and readiness for submission
• Coordinates and delivers the annual report required under the GrammLeachBliley Act for the Board of Directors including managing inputs from many stakeholders and ensuring consistent quality year over year
• Supports regulatory engagement and examinations by coordinating responses gathering evidence and ensuring materials are complete accurate and suitable for regulators and senior leadership
• Builds and maintains repeatable auditable ways of working by documenting processes and maintaining templates guidance training materials trackers and centralized evidence repositories
• Produces clear wellevidenced reporting and briefing materials for senior management the Board of Directors and regulators on cybersecurity risk compliance status and program outcomes
• Reviews cybersecurity risk and control performance metrics identifies data issues drives rootcause analysis with stakeholders and tracks remediation actions through closure
• Prepares materials and action tracking for recurring regulatory governance routines including meeting packs followups and escalation of delivery risks and dependencies
• Maintains the annual New York State cybersecurity attestation support process including evidence coordination and leadership briefing materials to enable confident signoff
• Drives remediation governance for United States cybersecurity control gaps by obtaining remediation plans from control owners tracking progress and coordinating closure
• Provides governance oversight for the United States cyber service sustainability forum by reviewing remediation plans ensuring noncompliance is escalated for business decision and flagging funding risks that could impact service sustainability
• Represents United States cybersecurity in application security governance forums and acts as the point person for issue resolution and followthrough
• Leads through influence across cybersecurity technology risk and controls teams including coordinating the work of others when needed to meet fixed regulatory deadlines"

In compliance with the salary transparency law, the expected pay range for this role is $55-60/hr. Actual compensation depends on experience and interview evaluation.