Sr. Director Operations and Risk Management (R7495)

Compliance | Remote, United States

Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems. Identifies cybersecurity architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems. Establishes and implements operational policies and appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements. Monitors systems for cybersecurity vulnerabilities, threats and events, oversees incident response planning, and leads vulnerability audits and forensic investigations. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers. Develops and executes security systems compliance policies and procedures. Selects, develops and evaluates personnel to ensure the efficient operation of the function.
  • Report directly to the Chief Security Officer and manage a team of 15 individuals including 3 managers
  • Manage a multi-million dollar budget
  • Drive and continuously improve upon the Information Security Governance Lifecycle
  • Manage and improve our in-depth security metrics reporting framework
  • Establish customer facing security scoring and reporting programs
  • Perform ongoing security assessments across the company
  • Manage all our cyber security certifications (SOC 2, NIST, etc.)
  • Drive BCP (Business Continuity Planning) related initiatives with teams across the organization: Security, Legal, Finance, Customer Support, Engineering, HR, etc.
  • Work with stakeholders throughout the company to understand their business needs and requirements
  • Interact with customers and business partners to understand and respond to their BCP assurance needs and concerns
  • Identify gaps in technical and policy documentation which impact Risk Management functions
  • Perform Operational Risk Management related to third party vendors
  • Rapidly notify management of potential risk events
  • Perform Business Impact Analyses across departments
  • Participate in internal and external audits and properly articulate the business function risk profile, risk management strategies and controls effectiveness
  • Organize tabletop crisis management scenario training for management and appropriate staff
  • Update response plans annually for any necessary changes (new risks, re-orgs, etc.)
  • Communicate regularly with leaders and senior management through reports, dashboards, and PowerPoint
  • Develop and provide training to teams across the company
  • Track, investigate, and assist in any crisis management incidents
  • Monitor news and alert services to identify events that could impact our offices and/or employees
Qualifications
  • 10+ years risk and/or crisis management experience – including strategic planning, implementation, execution and maintenance
  • Strong knowledge of risk assessment methodologies
  • Experience running tabletop exercises for cyber incident simulation
  • Experience conducting physical emergency preparedness exercises
  • Strong project/program management skills
  • Excellent written, verbal, and presentation skills with the ability to tailor messaging to the intended audience
  • Experience working with Amazon Web Services or other public cloud providers
  • Experience translating legal or contractual requirements into technical controls
  • Experience with audit process and methodologies
  • Expertise in providing solutions and recommendations based on internal and external factors
  • Bachelor's degree in a related field