Managing Director, Technology Risk Management

Your opportunity

Managing Director, Cybersecurity Risk Management

The Managing Director, Cybersecurity Risk Management is a senior leadership role reporting to the Head of Technology Risk Management within Corporate Risk Management, the firm’s second line of defense. This leader is accountable for the design, governance, and independent oversight of cybersecurity and data risk policies, frameworks, measurement, reporting, and assessment processes. The role requires broad, multidisciplinary expertise across cybersecurity, information technology, data governance, digital assets, and governance, risk, and control.

Key Outcomes:

• Lead an independent, integrated cybersecurity risk management program that assesses, monitors, measures, and reports on technology risks, including threat management, insider risk, vulnerabilities, cloud, data, and digital assets.
• Provide effective challenge and oversight of first-line cybersecurity controls across infrastructure security, cloud strategy, penetration testing, and cyber defense capabilities.
• Oversee data and digital asset risk domains, with clear coverage of confidentiality, integrity, availability, and privacy considerations.
• Establish risk metrics, monitoring, and reporting standards that strengthen issue identification, escalation, remediation, and enterprise accountability.
• Align specialized cybersecurity risk disciplines within a cohesive second-line oversight framework.
• Partner closely with Technology leadership to increase risk awareness, influence strategic direction, and advance the firm’s cybersecurity and data governance posture.
• Engage regularly with senior leaders across Corporate Risk Management, Audit, and regulatory stakeholders, including the Federal Reserve Board.
• Manage cyber risk within appetite by strengthening prevention and detection of security failures, maintaining regulatory and audit readiness, and enabling strategic initiatives such as AI, digital assets, and cloud adoption through disciplined risk governance.
• Improve risk transparency and decision-making through actionable metrics, clear escalation paths, and remediation governance.

Leadership Capabilities:

• Strategic leadership—integrates multiple cybersecurity risk disciplines within a clear enterprise oversight model.
• Enterprise coordination—partners effectively with the first and second lines of defense while driving consistency, accountability, and remediation at scale.
• Collaborative partnership—constructively challenges stakeholders while maintaining strong cross-functional relationships.
• Risk analytics and metrics orientation—quantifies, prioritizes, and reports risk through data-driven insights.
• Operational discipline—ensures scalable oversight, consistent documentation, and disciplined remediation tracking.
• Forward-looking risk mindset—adapts frameworks to address emerging risks, including AI, digital assets, and cloud.

What you have

Required Experience:

• 12 years minimum of broad cybersecurity expertise, with deep knowledge across infrastructure, cloud, threat management, insider risk, data, and digital assets in a diversified financial services environment of comparable scale and complexity.

• Significant leadership experience in cybersecurity, technology risk, information security, or related second-line risk management roles within a large, regulated financial services institution.
• Demonstrated ability to design, govern, and mature enterprise risk management frameworks, policies, standards, controls, and reporting processes.
• Proven experience providing independent oversight and credible challenge to first-line technology, cybersecurity, cloud, data, and infrastructure teams.
• Deep understanding of regulatory expectations for cybersecurity and technology risk management, including experience engaging with regulators, internal audit, and senior risk committees.
• Experience leading risk assessments, issue management, control evaluations, and remediation oversight across complex technology environments.
• Strong executive presence, with the ability to communicate complex cyber and technology risk issues clearly to senior leadership, boards, regulators, and cross-functional stakeholders.
• Experience building or leading high-performing teams with specialized expertise across cybersecurity, data risk, cloud risk, threat management, and risk analytics.
• Familiarity with emerging technology risk areas, including AI, digital assets, cloud transformation, third-party technology risk, and evolving cyber threat landscapes.
• Cybersecurity Certifications Preferred: CISSP, CISM, CRISC, or equivalent