Sr. Cybersecurity Operational Risk Officer

Location

4910 Tiedeman Road, Brooklyn Ohio

Reporting to the Director of Cybersecurity Risk Oversight, the Sr. Cybersecurity Risk Oversight Professional is a 2nd Line of Defense risk management position that provides independent oversight and Risk Management subject matter expertise to 1st Line of Defense Business units and their corresponding Business Risk and Control Analysts.

This position is responsible for Operational Risk oversight of the Key Technology and Operations Services line of business, as well as technology and information security risk oversight for areas of the enterprise that manage technology. As part of this oversight role, experience with cybersecurity domains, operations, architecture, governance, information security, and the ability to leverage that experience to identify material risks, provide credible challenge and assist in developing effective mitigation strategies.

• Evaluate risk and control identification within key processes and perform gap assessments on control coverage as well as first line of defense identification processes
• Collaborate with leaders to gain insights on operational performance, emerging risks and strategic initiatives while identifying opportunities for improvement
• Evaluate and monitor projects, strategic initiatives, and new technologies to ensure alignment with risk tolerance and business goals
• Review risks, controls and, conduct assessments to support effective oversight and compliance with risk management requirements
• Oversee the technology portfolio, assessing projects and initiatives to ensure alignment with risk appetite and adequate mitigation strategies
• Support and enhance the overall risk oversight framework by developing and updating oversight practices
• Partner with various teams to influence the implementation of operational practices to mitigate risk within appetite
• Provide expert advice on risk management practices, offering practical solutions to mitigate identified risks
• Analyze and assess risks associated with new products or services including third parties
• Assist with audits and regulatory examinations, ensuring through and timely responses to inquiries and findings
• Foster positive relationships with business partners and senior management ensuring open communication on risk matters
• Escalate and report any significant risk issues and facilitate appropriate corrective actions
• Perform ongoing monitoring of emerging risks, industry and regulatory trends

• Bachelor s degree in business, finance, technology, or economics or commensurate/relevant degree is required
• Minimum of 5 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the technology or information security lines of business
• Outstanding active listening skills
• Demonstrated ability to work with internal and external auditors and regulators
• Ability to think strategically coupled with the ability to drive to execution
• Ability to view risk holistically within a dynamic, fast paced team environment
• In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes
• Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies
• Capable of conducting in depth testing of systems, processes and controls
• Manage workflows and task assignment to ensure timely completion of work
• Have an execution oriented, process efficiency and continuous improvement mindset
• Possessing intellectual curiosity and a passion for seeking to understand
• Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices

• Applicable certifications such as:
  • ISACA: CISA, CRISC, CET, CGEIT, CISM
  • ISC2: CISSP, CCSP, SSCP
  • Cloud Security Alliance Certs: CCAK
  • Cloud Provider-Specific Certifications

• MBA, Law Degree or other relevant advanced education
• Current and practical knowledge of Technology and/or Information Security activities, challenges, and workflows
• Additional industry certifications such as those listed above
• BS or Masters in Technology or Security related field
• Foundational knowledge of Archer GRC preferred
• Project management, Agile experience preferred

• Demonstrated experience working with regulatory agencies, guidelines and requirements
• Strong ability to work with all levels of management within the company
• Experience working/managing projects across multiple functional areas and dealing with multiple business partners
• Experience working on initiatives that require strategic planning/thinking
• Flexibility to switch priorities based on the needs of the company in a fast-paced environment
• Ability to grasp complex processes quickly and be able to identify risks and…