Austin, TX; Boston, MA; or Remote
We are currently seeking a Director of Global Cybersecurity Risk within the Governance, Risk and Compliance function. This role will report to the Vice President of Governance, Risk and Compliance within the Security Organization. This position may be based in Austin, TX, in Massachusetts, or remote.
This role will be responsible for enhancing and driving the global security and resiliency risk management strategy, framework, tools and processes to enable the business to identify, manage and remediate risk at strategic and operational levels. The right candidate will have a proven track record in defining and implementing risk methodologies and frameworks and be comfortable liaising and presenting risk at all levels of the organization.
- Define and implement a global security and resiliency risk management framework that includes alignment with business objectives and adoption of a common risk methodology, processes and taxonomy across the enterprise. Communicate and champion the risk management methodology and processes to ensure global adoption and consistent use.
- Refine, enhance and drive the 3rd-party risk management program in close partnership with procurement functions to identify security risk and exposure related to 3rd-party partners and vendors and manage it to acceptable levels.
- Define and implement risk management processes and functions within the global eGRC platform to support the risk management frameworks. Champion adoption and implementation of the eGRC risk management processes across the organization.
- Recruit, manage, mentor and lead the risk team in conducting global and tactical risk assessments to identify and manage critical risks to the organization and critical assets as necessary.
- Develop board, executive and management-level reporting materials and dashboards that report routinely the organization’s security and resiliency risk posture, including risk reduction trends and risk mitigation status. Develop Key Risk Indicators (KRI) functionality and processes to inform management and executives of the changing risk landscape.
- Engage in continuous participation and partnership with other departments and business units, and build and manage relationships across the organization to drive the success of the GRC objectives and strategy.
- Bachelor’s or Master’s degree or equivalent experience in Information Security, Cyber Security, Risk Management or similar discipline preferred
- 10+ years of experience in information security risk management with a bias to the technology industry
- Ability to operate effectively in a fast-paced environment with competing and shifting priorities
- Ability to drive and globally integrate complex, multi-functional, cross-organizational initiatives through the influencing of and negotiation with stakeholders who at times may hold competing equities
- Ability to engage executive-level stakeholders on complex risk matters in a substantive manner with little to no oversight or guidance
- Ability to communicate risk and technical issues in business-digestible terms
- Ensures rigorous attention to detail in all work activities and products
- Excellent written and verbal communication skills
- Results-driven and accountability-minded
- Demonstrates thought leadership and possesses best practice awareness across functional areas of responsibility
- Prior experience with leading, managing, and driving risk management programs for a large-sized organization, or equivalent experience, is required
- Professional certifications in governance, risk, compliance, security, or resiliency are preferred but not required
- Travel varies depending on base office location