Director of Cybersecurity Governance, Risk & Compliance

Remote Full-time
Job Description:
• Lead the Security GRC team responsible for Third Party Risk Management, control governance and testing, Business Continuity Management, and access governance.
• Set the vision, roadmap, and priorities for the Security Program in partnership with the CISO, other Security & IT functions, and Enterprise Risk Management.
• Mentor and develop team members.
• Define clear goals, performance expectations, and development plans.
• Act as a key advisor to security and business leadership on cyber and technology risk posture, tradeoffs, and remediation priorities.
• Own the Security Program and ensure that regulatory, contractual, and internal security requirements are satisfied across the enterprise and BaaS/fintech ecosystem.
• Define and maintain the enterprise control baseline mapped to the NIST CSF, CRI Profile, and FFIEC IT Examination Handbooks, aligning with GLBA, SOX, and PCI-DSS where applicable.
• Author and approve control narratives, RACI, evidence requirements, testing procedures, and control objectives.
• Author and maintain cybersecurity governance documents, such as policies and standards.
• Work with technical control owners to implement processes and automations aligned to written controls, policies, and standards.
• Champion “policy as code” and guardrails (e.g., identity, configuration, network segmentation, logging/monitoring) in partnership with Security Engineering and IT.
• Oversee targeted cyber/IT risk assessments for technology changes, third parties, products, and fintech programs and ensure clear articulation of inherent and residual risk.
• Maintain a centralized log of issues, control gaps, and remediation plans; ensure sustainable fixes and prevent recurrences by updating baselines, standards, and automation.
• Partner with Enterprise Risk Management on risk acceptance, watch lists, and aggregation of security risks into enterprise risk reporting.
• Own the design and execution of access certification campaigns across key systems and applications (e.g., core banking, identity platforms, cloud, fintech partner integrations).

Requirements:
• Demonstrated ability to operationalize the FFIEC IT Examination Handbooks, NIST CSF, and the CRI Profile into practical, auditable controls and testing procedures.
• Proven experience owning or leading Third Party Risk Management, control frameworks, and/or Business Continuity Management programs in a regulated environment.
• Hands-on skill implementing proactive controls and automating control testing/evidence collection using APIs, various languages (Python, TypeScript, Bash, and/or PowerShell), and data pipelines/dashboards.
• Familiarity with Azure/bolthires 365/Entra, Okta, Windows/Linux, networks, bolthires/CD, vulnerability management, EDR, logging/SIEM, and data protection.
• Experience with GRC platforms and workflow/ticketing systems.
• Strong understanding of FFIEC IT Examination Handbooks, NIST CSF, NIST SP 800-53, GLBA, SOX, and PCI DSS and ability to map and rationalize overlapping requirements.
• Excellent written/oral communication with proven ability to influence cross-functional teams and present to management, auditors, regulators, and fintech partners.
• Bias for automation and measurable outcomes.
• Comfortable in fast-moving, high-accountability settings.

Benefits:
• Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
• Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
• Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
• Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
• Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
• Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
• Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
• 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
• Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
• Holidays: Enjoy 11 paid holidays throughout the year.