×
Register Here to Apply for Jobs or Post Jobs. X

Director, Cyber Risk

Job in Nashville, Davidson County, Tennessee, 37247, USA
Listing for: Asurion
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 150000 - 200000 USD Yearly USD 150000.00 200000.00 YEAR
Job Description & How to Apply Below

Position Overview

The Director, Cyber Risk leads Asurion’s cyber and technology risk management discipline and is accountable for a consistent, outcome-driven program the business can rely on for decision‑making. This strategic, cross‑functional leader owns the end‑to‑end cyber risk lifecycle—identification, assessment, quantification, treatment, acceptance, monitoring, and reporting—along with the cyber risk register, risk appetite and tolerance framework, control assurance, and issues management. The Director partners closely with first‑line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management, Internal Audit, Legal, and Privacy.

This role sets the standard for sound risk judgment, develops a high‑performing team, and translates complex cyber risk into clear, defensible narratives for senior leadership and the board. This is a salaried, leadership role with enterprise impact, guiding a multi‑year maturity uplift from ad hoc practices to scalable, evidence‑based risk management.

Key Responsibilities
  • Own and continuously improve the cyber and technology risk management framework, methodology, taxonomy, and lifecycle aligned to NIST CSF 2.0, ISO 27001/27005, and applicable regulatory obligations.
  • Define standards, procedures, and rating scales for consistent enterprise‑wide risk identification, assessment, and reporting; partner with the PISO model to ensure common language and practices across portfolios.
  • Lead enterprise cyber risk assessments across technology, business, regulatory, and emerging‑risk domains to produce consistent, defensible determinations.
  • Establish and operate a cyber risk quantification capability (e.g., FAIR‑based) to express risk in business and financial terms and inform prioritization and investment decisions.
  • Maintain the enterprise cyber risk register; ensure risks are well‑described, owned, rated, and tracked to acceptable residual levels; develop and manage KRI/KCI programs for forward‑looking posture.
  • Operationalize the risk appetite and tolerance framework with the CISO and senior leadership; own risk acceptance and exception governance with clear, auditable documentation and time‑bound approvals.
  • Govern cyber risk policy structure, ownership, review cadence, and exception handling; chair or support cyber risk forums and elevate decisions to appropriate authority levels.
  • Lead second‑line, risk‑based assurance over design and operating effectiveness of key cyber controls in coordination with first‑line and Internal Audit; identify thematic weaknesses and drive structural remediation.
  • Own issues and remediation management—intake, prioritization, owner assignment, tracking to closure, and escalation of aging items.
  • Define and report outcome‑focused metrics (e.g., residual risk trends, out‑of‑appetite reduction, early‑versus‑late finding ratios, incidents tied to accepted risk) in executive‑ and board‑ready formats.
  • Serve as primary point of contact for cyber risk in regulatory exams, audits, and carrier‑partner due diligence.
  • Integrate cyber risk into Enterprise Risk Management to ensure consistency in enterprise risk reporting and governance; partner with Legal, Privacy, Procurement, and technology leaders to embed risk‑informed decisions.
  • Oversee vendor/third‑party risk within the cyber risk portfolio to ensure supply‑chain risk is governed in line with enterprise practices.
  • Build, lead, and develop a team of senior managers and analysts; set objectives, manage performance, and scale capacity through process improvement, tooling, and appropriate AI‑assisted workflows.
Education and Experience
  • Bachelor’s degree in a related field or equivalent professional experience.
  • 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams/domains.
  • Proven experience designing, leading, or substantially maturing an end‑to‑end enterprise cyber/IT risk management program.
  • Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three‑lines‑of‑defense model.
  • Experience operating a risk register, risk appetite/tolerance…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary