Director, Cyber Resilience & Risk Management

Purpose of the Job

This role is responsible for directing, planning, and organizing the bank’s Cyber Risk Management, Cyber Supply Chain Risk Management, Enterprise Cyber Security Controls management, and resilience testing capabilities. This role develops and manages processes that manage the Cyber risk lifecycle from identification to treatment and monitoring. This role facilitates the communication and presentation of cyber risk information to critical technology and business stakeholders.

Main Activities:

• Overseeing and maturing the bank’s Cyber Resilience Testing program e.g. Red team exercises, cyber threat simulations.
• Develop and oversee the approach to measuring the effectiveness of EQBank’s Enterprise Cyber Security Controls.
• Manage the process for measuring, tracking, and reporting cyber capabilities maturity levels.
• Support Cyber Roadmap and planning processes by analyzing controls, maturity, and risk information to identify high priorities for the bank’s cyber security program.
• Develop and manage the Cyber security Policy exception and risk acceptance processes of the bank.
• Oversee the bank’s activities to manage third-party cyber risk exposure, working closely with the 2nd Line of Defense in alignment with the bank’s Third-Party Risk Management framework.
• Develop the bank’s data-driven risk reporting medium to technology and business to ensure transparency and risk-informed decision making while also developing means of measuring and reporting on risk appetite breaches.
• Oversee the development and management of the bank’s cyber risk register, ensuring alignment with Enterprise Risk Management and Operational Risk Management practices.
• Develop and maintain IT Asset controls and applicability tools and documentation.
• Manage the methodology and tools to operationalize the bank’s Cyber Measurement practice, providing accurate and timely reports on KRIs and OKRs.
• This role manages people managers and provides mentoring and coaching to ensure teams within purview can effectively perform their duties.
• Develops and maintains cyber risk analysis methodology and provides input into prioritized investment in cyber security controls.
• Develops technical plans and technological roadmaps to address areas of risk in alignment with the corporate, technology, and cyber strategic objectives.
• Drive cross-functional collaboration to achieve objectives of the programs in purview.
• Responsible for maintaining the standards, procedures, and guidelines for domains under purview.
• Develop and manage measures to ensure effective monitoring control adequacy and compliance for areas under purview.
• Developing and managing means of measured performance of control processes and technologies for areas under purview.
• Provide technical guidance for the team and subject matter advice to stakeholders.

Knowledge/Skill Requirements:

• A college diploma or university degree in computer science (or related course) or Industry recognized certifications (e.g. CISSP) with 7 years cyber security experience is required.
• Minimum of 8 years of technical IT experience.
• Minimum of 6 years of Cyber Security experience.
• Strong knowledge of cyber security frameworks, controls, and practices.
• Strong engineering or security architecture knowledge (prior hands-on technology engineering experience is preferred).
• Good understanding of human risk factors and techniques for managing this risk, including security awareness programs.
• Cyber Risk Quantification and Analysis (Cyber Risk Management). Specific knowledge with FIAR methodology preferred.
• Good knowledge of cyber threats, risks, and control design best practices.
• People & resource management.
• Strategic and Financial Planning.
• Good knowledge of Insider risk management tools and techniques.
• Process & capability Management.
• Technology Roadmaps.
• Ownership & Accountability.

Communication Skills:

• Good documentation skills.
• Strong presentation skills.
• Business communication of technical topics.
• Good interpersonal skills, with a proven track record of developing relationships and communicating conceptual information effectively to individuals unfamiliar with subject material.
• Strong organizational skills: demonstrated ability to manage time and adhere to tight deadlines.
• Confident, personable, credible professional presence.

Job Complexities/Thinking Challenges:

• Required to use creativity to solve problems, especially in unique or complex situations.
• Requires influence of organizational culture; as such, requires strong interpersonal skills, competence to draw stakeholder confidence, and excellent presentation skills.
• The role involves both routine tasks and complex planning, with strategic importance.
• Ability to adapt to constantly changing technical, regulatory, and compliance environments.
• Analytical mind capable of managing numerous information sources, making decisions, and providing data analysis reports to management.
• Involves analyzing data to make recommendations and find solutions.