Job Details
Onsite in NYC
Summary
As Cyber & Third-Party Resilience Lead, you will play a pivotal role in operationalizing the firm's cyber and third-party resilience strategy. You will ensure that essential business services can withstand and recover from severe but plausible disruption scenarios by embedding resilience into business service design, technology architecture, and third-party engagements. This role is hands-on and delivery-focused, responsible for leading the implementation of cyber and third-party resilience controls, recovery testing, and real-time response readiness across essential services. You will work closely with business, cybersecurity, IT, and risk partners to ensure resilience capabilities meet regulatory expectations and business impact tolerances.
The role will build a resilient culture through a proactive, risk-informed approach that integrates cyber and third-party resilience within the operational resilience framework, while supporting regulatory compliance, real-time command and control, and continuous improvement. The role reports directly to the Head of Resilience Management for the Americas and works closely with stakeholders across Technology, Risk, Cybersecurity, Legal, Communications, and Regulatory Affairs to embed a culture of resilience and readiness.
Key Responsibilities
Strategic Leadership
o Develop and lead a cyber and third-party resilience strategy aligned to the bank's operational resilience framework and key business services.
o Translate enterprise resilience strategy and regulatory expectations (e.g., FFIEC, DORA, EBA, PRA) into actionable, risk-informed response strategies.
o Establish and manage governance forums and escalation protocols for cyber and third-party resilience oversight.
o Lead implementation across 1LoD teams to ensure timely and effective delivery of resilience capabilities.
o Guide the identification of essential service (ES) dependencies, incorporating cyber and vendor risk into recovery strategies.
o Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders.
Cyber & Third-Party Resilience
o Partner with Cybersecurity and IT to embed cyber recovery capabilities (e.g., playbooks, failover mechanisms, immutable backups) into essential services.
o Collaborate with Third-Party Risk Management and Procurement to ensure resilience obligations are embedded in contracts, onboarding, and monitoring.
o Partner with the Operational Resiliency Testing Lead to coordinate tabletop exercises, testing, and simulations for high-risk scenarios (e.g., ransomware, CTPSP outage, geopolitical vendor disruption).
o Manage tracking and closure of findings from tests, risk reviews, and regulatory exams related to cyber or third-party resilience.
Process and Technology Optimization
o Drive optimization of cyber and third-party incident response processes using data analytics, metrics and automation opportunities.
o Partner with the Crisis and Incident Management Lead, Cyber, Technology, and Ops teams to align response processes and eliminate gaps in cross-domain coordination.
o Assist in embedding "resilience by design" into technology builds and operational processes, including architecture reviews, solution designs, and procurement processes.
o Support resilience control automation and tooling to reduce recovery time and enhance response coordination.
o Partner with the Business Resiliency Planning Lead to guide BIA execution, dependency mapping, and impact tolerance assessments across technology and third-party ecosystems.
Regulatory Compliance and Audit Readiness
o Ensure full compliance with FFIEC, DORA, EBA, PRA and other regulators.
o Lead regulatory and internal/external audit preparation, ensuring cyber and third-party resilience capabilities are evidenced through documentation, testing evidence, post-incident reviews and corrective actions, and impact tolerance testing results.
o Integrate third-party and cyber risk response coordination into incident response playbooks, ensuring vendor engagement and joint response capabilities are embedded and tested.
o Assist in conducting formal Root Cause Analysis (RCA) and post-incident reviews, identifying systemic issues and implementing corrective actions.
Core Competencies
Operational Execution
o Demonstrated ability to implement resiliency plans, coordinate response efforts, and drive complex program delivery across business, technology, cyber, and third-party domains.
o Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
Strategic Vision
o Ability to define and execute cyber and third-party resilience programs aligned with regulatory and business objectives.
o Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
Regulatory Acumen
o Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and EBA.
Operational Discipline
o Demonstrated understanding of impact tolerances, business continuity, disaster recovery, cyber response, and vendor resilience programs.
o Familiarity with resilience-enabling technologies, such as cloud failover, system redundancy, backup architecture, and monitoring tools.
o Skilled in designing, executing, and learning from testing exercises (e.g., cyber breach, vendor outage).
Influence & Communication
o Strong ability to engage and influence executive leadership and cross-functional teams under pressure.
Continuous Improvement
o Embeds lessons learned, metrics, and feedback loops into the resilience lifecycle.
Strategic Communication & Risk Analysis
o Proficient in Microsoft Excel and PowerPoint to analyze complex cyber and third-party data, develop resilience metrics, and create executive-level presentations that inform cybersecurity strategy, enhance third-party oversight, and support key stakeholder decision-making.
Soft Skills & Leadership
o Strong leadership and project management skills.
o Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
o Analytical mindset with a proactive approach to problem-solving and risk mitigation.
o Ability to thrive in a fast-paced, high-stakes environment with competing priorities.
o Comfortable working in a highly global, diverse, and hybrid (office and virtual) work environment.
o Strong communication and documentation skills.