Technology Risk Director - CyberSecurity
Job in Johnston, Providence County, Rhode Island, 02919, USA
Listed on 2026-06-02
Listing for: Citizens Financial Group, Inc.
Full Time position
Job specializations: IT/Tech; Cybersecurity, Information Security, Data Security, IT Project Manager
Job Description & How to Apply Below
As a First Line of Defense Cybersecurity Risk Director within the Enterprise Technology Security (ETS) Risk organization, you will provide strategic leadership in protecting the organization against evolving cyber threats while enabling business innovation. This role is accountable for the design, execution, and continuous maturity of the cybersecurity risk management framework, ensuring cyber risks are proactively identified, assessed, mitigated, monitored, and transparently reported.
You will serve as a trusted advisor to senior leadership, translating complex cybersecurity and technology risks into clear business impacts and risk-based decisions aligned to enterprise risk appetite. The role partners closely with Technology, Corporate Security, Legal, Compliance, Risk, Audit, and business leaders to ensure cybersecurity risk strategies are fully integrated with business objectives, regulatory expectations, and enterprise resilience goals.
You will also lead and develop a high-performing team of cybersecurity risk professionals, fostering a culture of strong risk discipline, constructive challenge, and continuous improvement across the organization.
Key Responsibilities
Leadership & Strategy
* Lead, coach, and develop a team of cybersecurity risk analysts, principals, and managers, establishing a consistent, scalable, and value-driven risk support model across the enterprise.
* Define and evolve the cybersecurity risk management strategy and operating model, ensuring alignment with enterprise risk appetite, regulatory requirements, and business priorities.
* Translate cyber and technology risks into business-relevant impacts, enabling senior management to make informed, risk-based decisions.
Cybersecurity Risk Management & Oversight
* Establish and oversee an end-to-end cybersecurity risk management process that enables continuous identification, analysis, assessment, treatment, and monitoring of cyber and technology risks.
* Define and maintain key risk indicators (KRIs), controls, and control testing strategies to measure cybersecurity risk exposure and control effectiveness.
* Provide oversight of Risk and Control Self Assessments (RCSAs), Targeted Risk Reviews, business initiative risk assessments, and issue management, ensuring timely remediation and sustainable risk reduction.
* Maintain visibility into detailed cyber risk assessments, advising business and technology leaders on prioritized mitigation strategies and risk tradeoffs.
Business Partnership & Advisory
* Act as a strategic risk advisor to business lines and technology leaders, providing day-to-day guidance on regulatory compliance, risk mitigation, and industry best practices.
* Advise on new products, processes, technologies, and strategic initiatives, ensuring appropriate risk identification, control design, and governance approvals are in place.
* Guide business partners through enterprise governance forums and approval processes, ensuring cyber risks are understood, documented, and appropriately managed.
Regulatory, Audit & External Engagement
* Serve as the primary risk lead for regulatory exams and audits related to cybersecurity and technology risk for assigned products or functions.
* Partner with Internal Audit and second-line stakeholders, leading exam preparation, responses, and ongoing issue remediation.
* Ensure compliance with applicable laws, regulations, and supervisory guidance, including FFIEC, GLBA, SOX, and other relevant standards.
Collaboration & Stakeholder Management
* Build and maintain strong, trusted relationships with business partners, technology leaders, security teams, project stakeholders, and subject matter experts.
* Collaborate across lines of defense to provide effective challenge while enabling responsible innovation and delivery.
* Promote a culture of cybersecurity awareness and operational resilience across the organization.
Qualifications - Experience & Skills
* 10+ years of experience in Cybersecurity and/or Information Technology, with deep exposure to enterprise environments.
* 10+ years of risk management experience within financial services, preferably in cybersecurity, technology risk, or operational risk.
* Strong experience with cloud technologies (IaaS, PaaS, SaaS), DevSecOps, web applications, operating systems, databases, and networking.
* Broad knowledge of cybersecurity domains including:
  * Network and infrastructure security
  * Vulnerability and configuration management
  * Identity and Access Management including Customer Identity
  * API and application security
  * Data protection and cryptography
  * Operational resilience
  * Incident, problem, and change management
* Experience operating in a highly regulated environment under significant supervisory scrutiny.
* Solid understanding of internal controls, risk assessments, and governance processes.
* Working knowledge of FFIEC guidance, GLBA, SOX, and related regulatory frameworks.
* Familiarity with leading industry frameworks, including Cybersecurity Risk…