Head of Cyber Security Governance

Overview

On Site
USD 200,000.00 - 220,000.00 per year
Full Time

Skills

Information Security Governance
ISO/IEC 27001:2005
Collaboration
Risk Assessment
Threat Modeling
Access Control
Data Security
Incident Management
Business Continuity Planning
Stakeholder Engagement
Cyber Security
Training
Reporting
IT Risk Management
Leadership
Banking
Insurance
Health Care
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Regulatory Compliance
System On A Chip
PCI DSS
Security Architecture
Cloud Security
Data Governance
Business Acumen
Communication
Stakeholder Management
Risk Management
Management
Information Security
CISSP
CISM
ISACA
MEAN Stack
Customer Service
Training And Development
SAP BASIS

Job Details

Software Guidance & Assistance, Inc. (SGA) is searching for a Head of Cyber Security Governance for a FULL TIME assignment with one of our premier Insurance clients in NYC, NY. Hybrid schedule 3x weekly in the office.

Responsibilities:
Security Governance & Strategic Alignment
  • Design, implement, and maintain enterprise-wide cybersecurity policies, standards, and procedures that align with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, CIS Controls, SOC2, PCI-DSS, NYDFS).
  • Provide strategic and tactical guidance to business and technology teams on secure architecture, risk mitigation, and compliance.
  • Act as a security leader and liaison for designated business units or functions for security considerations across various projects and initiatives.
  • Align cybersecurity strategy with business goals to proactively identify and mitigate risks.
  • Collaborate with executives, product leaders, and engineering teams to embed security into development and operations.
  • Ensure global cybersecurity services, SLAs, KRIs, and processes meet defined objectives.
Risk Management & Governance
  • Facilitate risk assessments, threat modeling, and security posture reviews.
  • Identify and communicate cybersecurity and third-party risks to business stakeholders.
  • Ensure compliance with regulatory frameworks and internal standards.
  • Adapt and localize security policies to meet applicable regulatory and business requirements.
Security Programs & Initiatives
  • Drive initiatives in cloud security, access controls, third-party risk, and data protection.
  • Translate technical risks into business-relevant language for leadership.
  • Guide incident response and business continuity planning for critical functions.
Culture, Awareness & Stakeholder Engagement
  • Lead the development and delivery of a comprehensive cybersecurity training and awareness program tailored to diverse audiences across the organization. Promote a culture of security through engaging campaigns, simulations, and targeted education.
  • Provide executive-level reporting on security posture, metrics, and risks.
  • Foster a risk-aware, security-conscious culture across teams.

Required Skills:
  • 10+ years of experience in information security, IT risk management, or cyber risk consulting.
  • At least 5+ years in leadership roles interfacing with senior business stakeholders.
  • A strategic thinker and hands-on leader who thrives in a collaborative, fast-paced environment. You bring a balance of technical expertise, business acumen, and communication skills that enable you to influence at all levels of the organization.
  • Proven experience in highly regulated industries (e.g., banking, insurance, healthcare, or technology).
  • Experience with security in hybrid or cloud-native environments (e.g., AWS, Azure, Google Cloud Platform).
  • Familiarity with regulatory and compliance frameworks (e.g., NIST, NYDFS, SOC 2, PCI-DSS).
  • Proven experience developing and managing security policies, standards, and awareness programs.
  • Strong background in providing security advisory services for IT and business projects.
  • Deep knowledge of enterprise security architecture, cloud security, and data governance.
  • Strong business acumen with ability to translate security into strategic risk insights.
  • Excellent communication, influencing, and stakeholder management skills.
  • Ability to balance risk mitigation with business enablement.
  • Proven ability to lead cross-functional teams and manage complex initiatives.
  • Bachelor's or Master's in Information Security or a related field.

Preferred Skills:
  • Preferred certifications: CISSP, CISM, CRISC.
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.