Head of Cyber & Technology Risk

At BBH, Partnership is more than a form of ownership—it’s our approach to business and relationships. We know that supporting your professional and personal goals is the best way to help our clients and advance our business. We take that responsibility seriously. With a 200-year legacy and a shared passion for what’s next, this is the right place to build a fulfilling career.

Enterprise Risk Management is hiring a Head of Cyber & Technology Risk to assist in strengthening the technology risk and control environment that protects the firm’s systems, data, and operations. In this role, you’ll partner closely with Technology Leadership and key second-line stakeholders to identify, assess, and monitor risk; enact pragmatic control improvements; and provide clear, actionable guidance that enables secure delivery.

You’ll bring strong judgment, executive-ready communication, and the ability to translate complex technical risks into focused priorities and outcomes.

• Serve as a senior advisor to Technology leaders on cyber and technology risk across known issues, evolving threats, and emerging technologies.
• Influence enterprise strategy and provide credible challenge to senior stakeholders to ensure risk remains within the firm’s risk appetite.
• Anticipate regulatory and industry expectations; translate them into forward‑looking guidance that shapes program roadmaps.
• Represent Cyber & Technology Risk on firm‑wide committees, working groups, and—when needed—client and external partner discussions.
• Own and continuously enhance the cyber and technology risk program, including policies, standards, and independent control assessments.
• Escalate material risks, high‑severity issues, and emerging trends to Technology leadership and relevant governance forums.
• Oversee corrective action plans and validate closure; analyze themes and root causes across audit and regulatory findings and operational risk events.
• Lead risk reviews for new products, services, and material changes; partner with Legal, Compliance, and Risk teams to align decisions to risk tolerance.
• Coordinate external assurance activities (e.g., SOC
  2), including evidence management, walkthroughs, and timely responses to requests.
• Partner with Internal Audit, Compliance, and Legal to continuously strengthen the firm’s risk and control infrastructure.

• Maintain and enhance technology risk policies and standards, translating regulatory expectations into practical, implementable requirements.
• Contribute to AI governance and oversight by supporting control design, risk assessments, and adoption of firm‑wide guardrails.
• Design and deliver risk and control training that improves awareness, ownership, and day‑to‑day execution across Technology.
• Partner with Information Security to refresh security awareness content and embed coverage of emerging risks (e.g., phishing, third‑party, cloud, and AI).

• Build trust‑based relationships across Technology to ensure early engagement on strategy, roadmaps, major initiatives, and ongoing activities.
• Set priorities and an operating rhythm for the Cyber & Technology Risk team to deliver high‑quality outcomes efficiently and consistently.
• Develop talent with strong business acumen and the ability to engage credibly with senior stakeholders.
• Hire, coach, and manage performance to build and retain a high‑performing team.
• Foster a culture of intellectual curiosity, constructive challenge, and continuous improvement.

• 15+ years of experience in technology risk management, technology audit, controls, or a related discipline within financial services or another highly regulated environment.
• Bachelor’s degree required; advanced degree preferred. Certifications such as CISSP, CISM and/or CRISC are a plus.
• A proven, senior‑level risk leader with the credibility to advise—and appropriately challenge—Technology executives.
• Demonstrated ability to influence at the enterprise level and shape strategy through clear, data‑informed risk perspectives.
• A track record of building and leading…