Director, Cyber Governance, Risk, and Compliance - First Financial Bank
Cincinnati, OH
About the Job
We do the right things, right now. We do them in a way that is relevant to our clients. Become a part of our history as it continues to be written!
If you are interested and qualified for this role, we invite you to apply.
The Director, Cyber Governance, Risk, and Compliance (GRC) will be a key member of the Information Security leadership team. This person will define, build, and execute operational processes and ensure effective management of cyber risk within the defined risk appetite. The Director will be responsible for ensuring the organization adheres to all regulatory and industry standards, conducting risk assessments, performing gap analyses, implementing corrective actions, and managing attestations and certifications. The ideal candidate will bring experience in cybersecurity and technology risk management, and a strategic mindset to drive continuous improvement in the company's security posture.
Essential Functions/Responsibilities
* Implement governance processes to reduce risk from failed internal processes, inadequate identification of risks, inadequate controls, and emerging risks.
* Lead the delivery of governance, risk, and compliance by ensuring control testing, risk assessments, privacy & compliance, and issue management are satisfactory to company standards.
* Establish and oversee adherence to policies and standards impacting technology and cyber risks.
* Identify technology risk impacting the business and ensure it is quantified, communicated, and managed, including recommendations for resolution and identification of root causes and key themes.
* Partner with vendor management teams to ensure effective vendor risk management.
* Apply working experience in multiple security or risk management domains (e.g., application security, vulnerability management, data protection, encryption, logging and monitoring, network security).
* Assess technology risks against business processes and products to effectively identify and suggest remediation plans.
* Ensure compliance with Data Privacy requirements (incl. GDPR) and PCI regulations.
Minimum Knowledge, Skills, and Abilities Needed to Perform Essential Functions of the Job
* Excellent written and verbal interpersonal skills.
* Customer service-oriented mindset.
* Ability to organize and facilitate meetings and workshops.
* Ability to adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
* Ability to identify issues/risk, analyze and understand underlying causes and devise appropriate action plans.
* Ability to work with minimal supervision and to develop cross-functional relationships.
Preferred Knowledge and Skills
* Bachelor's degree in Computer Science, Management Information Systems, or Engineering/Science, or equivalent industry experience.
* 7+ years of experience in Cybersecurity, Technology, Risk Management or Internal/External Audit, or a combination.
* In-depth knowledge of information security risk management processes, including information security policies, risk assessments, and implementation of security controls.
* Expertise in mapping NIST Cybersecurity Framework controls to organizational processes and systems.
* Cybersecurity, technology risk and/or audit certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).
* Experience in the financial services industry or a similar, heavily regulated environment.
* Proficiency with GRC tools and platforms.
* Proven experience in conducting audits, gap analyses, and implementing corrective actions.
* Excellent understanding of regulatory requirements.
Apply here: https://www.aplitrak.com/?adid=YmJnZW5lcmljLjM5NjE3LjEwNTA4QGJhbmthdGZpcnN0Y29tcC5hcGxpdHJhay5jb20
Source : First Financial Bank