Overview
Skills
Job Details
Hi,
Position: Lead Cyber and Third-Party Resilience
Location: New York (On-site)
Duration: 12+ Months
Interview Mode: In-person
Need Local Profile
Visa: or -EAD
JD
Key Responsibilities
Strategic Leadership
o Develop and lead a cyber and third-party resilience strategy aligned to the bank's operational resilience framework and key business services.
o Translate enterprise resilience strategy and regulatory expectations (e.g., FFIEC, DORA, EBA, PRA) into actionable, risk-informed response strategies.
o Establish and manage governance forums and escalation protocols for cyber and third-party resilience oversight.
o Lead implementation across 1LoD teams to ensure timely and effective delivery of resilience capabilities.
o Guide the identification of essential service (ES) dependencies, incorporating cyber and vendor risk into recovery strategies.
o Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders.
Cyber & Third-Party Resilience
o Partner with Cybersecurity and IT to embed cyber recovery capabilities (e.g., playbooks, failover mechanisms, immutable backups) into essential services.
o Collaborate with Third-Party Risk Management and Procurement to ensure resilience obligations are embedded in contracts, onboarding, and monitoring.
o Partner with the Operational Resiliency Testing Lead to coordinate tabletop exercises, testing, and simulations for high-risk scenarios (e.g., ransomware, CTPSP outage, geopolitical vendor disruption).
o Manage tracking and closure of findings from tests, risk reviews, and regulatory exams related to cyber or third-party resilience.
Process and Technology Optimization
o Drive optimization of cyber and third-party incident response processes using data analytics, metrics and automation opportunities.
o Partner with the Crisis and Incident Management Lead, Cyber, Technology, and Ops teams to align response processes and eliminate gaps in cross-domain coordination.
o Assist in embedding "resilience by design into technology builds and operational processes, including architecture reviews, solution designs, and procurement processes.
o Support resilience control automation and tooling to reduce recovery time and enhance response coordination.
o Partner with the Business Resiliency Planning Lead to guide BIA execution, dependency mapping, and impact tolerance assessments across technology and third-party ecosystems.
Regulatory Compliance and Audit Readiness
o Ensure full compliance with FFIEC, DORA, EBA, PRA and other regulators.
o Lead regulatory and internal/external audit preparation, ensuring cyber and third-party resilience capabilities are evidenced through documentation, testing evidence, post-incident reviews and corrective actions, and impact tolerance testing results.
o Integrate third-party and cyber risk response coordination into incident response playbooks, ensuring vendor engagement and joint response capabilities are embedded and tested.
o Assist in conducting formal Root Cause Analysis (RCA) and post-incident reviews, identifying systemic issues and implementing corrective actions.
Core Competencies
Operational Execution
o Demonstrated ability implementing resiliency plans, coordinating response efforts and driving complex program delivery across business, technology, cyber, and third-party domains.
o Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
Strategic Vision
o Ability to define and execute cyber and third-party resilience programs aligned with regulatory and business objectives.
o Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
Regulatory Acumen
o Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and EBA.
Operational Discipline
o Demonstrated understanding of impact tolerances, business continuity, disaster recovery, cyber response, and vendor resilience programs.
o Familiarity with resilience-enabling technologies, such as cloud failover, system redundancy, backup architecture, and monitoring tools.
o Skilled in designing, executing, and learning from testing exercises (e.g., cyber breach, vendor outage).
Influence & Communication
o Strong ability to engage and influence executive leadership and cross-functional teams under pressure.
Continuous Improvement
o Embeds lessons learned, metrics, and feedback loops into the resilience lifecycle.
Strategic Communication & Risk Analysis
o Proficient in Microsoft Excel and PowerPoint to analyze complex cyber and third-party data, develop resilience metrics, and create executive-level presentations that inform cybersecurity strategy, enhance third-party oversight, and support key stakeholder decision-making.
Soft Skills & Leadership
o Strong leadership and project management skills.
o Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
o Analytical mindset with a proactive approach to problem-solving and risk mitigation.
o Ability to thrive in a fast-paced, high-stakes environment with competing priorities.
o Comfortable working in a highly global, diverse, and hybrid (office and virtual) work environment
o Strong communication and documentation skills.
Niranjan Kumar | Technical Recruiter
Email:
Stellent IT | office :