Summary:

The Head of Cyber Risk Management is a senior leadership role responsible for establishing, maintaining, and overseeing the organization's comprehensive Cyber Risk Management framework, including the core components of Governance, Risk, and Compliance. This individual will lead the identification, assessment, mitigation, monitoring, and reporting of cyber risks across the enterprise, ensuring alignment with business objectives, regulatory requirements, and industry best practices. This role requires deep expertise in both cybersecurity principles and risk management methodologies within the context of a complex and highly regulated environment. The Head of Cyber Risk Management will work closely with executive leadership, technology teams, compliance, legal, internal audit, and business units to embed a strong cyber risk culture. The successful candidate will ensure that cyber risk management practices align with the organization's risk appetite, global regulatory obligations (e.g., FFIEC, HIPAA, NYDFS, and DORA), and strategic objectives, ultimately safeguarding sensitive data, intellectual property, and operational continuity.

Key Responsibilities:

1. Cyber Risk Framework Leadership:

- Own, maintain, and mature the organization's Cyber Risk Management Framework (CRMF), ensuring alignment with industry standards (e.g., NIST CSF, CRI, FFIEC) and the specific regulatory frameworks applicable to our industry.
- Integrate the Cyber Risk Management program with the overall Enterprise Risk Management (ERM) framework.
- Define and implement cyber risk assessment methodologies (qualitative and quantitative) suitable for diverse assets, including IT, OT/manufacturing systems (if applicable), cloud environments, and third parties.
- Champion the integration of cyber risk considerations into business processes, technology adoption, and strategic initiatives.
- Define the organization's cyber risk appetite and tolerance levels in collaboration with executive management and the Board.
- Oversee the implementation and management of tools and techniques for risk analysis, including threat modeling, vulnerability assessments, and potentially quantitative risk analysis (e.g., FAIR methodology).

2. Risk Assessment & Analysis:

- Direct and oversee periodic and event-driven cyber risk assessments across the enterprise landscape.
- Analyze threat intelligence, vulnerability data, and control effectiveness to provide a clear picture of the cyber risk posture.
- Focus specifically on risks related to sensitive data (e.g., client financial data, intellectual property), critical systems (e.g., manufacturing control systems, core financial platforms), and regulatory compliance failures.
- Mature the organization's third-party cyber risk management program, ensuring rigorous assessment and ongoing monitoring of vendors and partners.

Skills & Knowledge:

- Expert knowledge of cyber risk management principles, methodologies, and frameworks (NIST CSF, CRI, ISO 27001/5, COBIT, etc.).
- In-depth understanding of cybersecurity domains: network security, application security, cloud security, data protection, identity and access management, incident response, vulnerability management, and third-party risk.
- Proven ability to translate complex technical issues into understandable business risks and impacts for non-technical audiences.
- Strong understanding of relevant laws, regulations, and industry standards (specify key ones like HIPAA, NYDFS Part 500, CRI, CMMC as applicable).
- Excellent leadership, communication (written and verbal), presentation, and interpersonal skills.
- Strong analytical, strategic thinking, and problem-solving abilities.
- Experience interacting with regulators and auditors.
- Certifications: One or more relevant professional certifications required (e.g., CRISC).

Preferred Qualifications:

- Master's degree in a relevant field.
- Experience implementing quantitative risk analysis models (e.g., FAIR).
- Experience with Governance, Risk, and Compliance (GRC) platforms.
- Direct experience managing regulatory examinations focused on cybersecurity.
- Proven track record of developing and implementing successful enterprise-wide cyber risk programs in complex organizations.