Provide independent oversight and credible challenge of the Information Security program across multiple security pillars, including governance, risk assessments, controls, metrics, and issue management
Perform risk‑based assessments of first line security practices, identifying gaps, weaknesses, thematic concerns, emerging risks, and control deficiencies
Develop and articulate independent risk opinions supported by sound analysis, evidence, and professional judgment
Evaluate alignment of first line activities with applicable laws, regulations, regulatory guidance, industry standards (e.g., NIST SP 800-53, FFIEC, PCI DSS, NIST CSF 2.0), and internal policies
Monitor key risk indicators, security metrics, assessment results, and issue trends to identify systemic risks or areas requiring escalation
Escalate material risks, control weaknesses, or ineffective risk management practices through appropriate governance and reporting channels
Act as a subject matter expert on information security risk, providing insights and guidance to stakeholders while maintaining second line of defense (2LoD) independence
Build and maintain strong, professional relationships with first line stakeholders while confidently challenging assumptions, conclusions, and risk positions when necessary
Contribute to executive‑level risk reporting by clearly summarizing risk posture, trends, and areas of concern in a concise and defensible manner
Stay current on evolving cybersecurity threats, regulatory expectations, and industry best practices to continuously strengthen oversight effectiveness
Requirements
Bachelor's degree, or equivalent work experience
Typically more than eight years of applicable experience
Strong foundational understanding of information security domains (e.g., vulnerability management, identity and access management, application security, cloud security, security governance, incident management)
Demonstrated ability to perform risk assessments and oversight activities with depth, critical thinking, and professional skepticism
Experience operating in or with a Second Line of Defense, audit, or regulatory environment is strongly preferred
Proven ability to work independently and autonomously, managing priorities and delivering high-quality work with limited direction
Strong written and verbal communication skills, including the ability to translate technical risk into clear, executive-ready insights
Ability to engage confidently with senior stakeholders while maintaining independence, objectivity, and professionalism
Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred but not required
Tech Stack
Cloud
Cyber Security
Benefits
Healthcare (medical, dental, vision)
Basic term and optional term life insurance
Short-term and long-term disability
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation (from two to five weeks depending on salary grade and tenure)
Up to 11 paid holiday opportunities
Adoption assistance
Sick and Safe Leave accruals of one hour for every 30 hours worked, up to 80 hours per calendar year unless otherwise provided by law