Cyber Risk Manager (Remote)

About the position Responsibilities • Leads the design and implementation of process evaluation methods, and the development of expert solutions to address identified risks. • Works closely with management to ensure risk strategies are effective and compliant. • May involve creation, evaluation, and execution of targeted risk assessments to evaluate risk conditions. • Maintains a strong knowledge of cybersecurity risk management developments or changes within the organization, industry, and market. • Produces reports based on risk management assessments, data analysis, company trends, and risk factors. • Conveys root cause analysis, patterns, problems, and areas of improvement. • Enables insight into potential risk exposure, losses and mitigation of identified risks through reporting activities. • Supports cybersecurity processes through a variety of escalated operational tasks. • Develops, implements, and ensures continuous improvement of procedures. • Acts as a resource to provide guidance to management, including production of documentation, presentations, or other materials to educate on risk policies and procedures. • Handles complex technical matters and participates in special projects. Requirements • Bachelor's Degree and 4 years of experience in cyber risk management, or cyber risk oversight OR High School Diploma or GED and 8 years of experience in risk management, or financial analysis, or statistical modeling. • Experience identifying information security risk and partners with key stakeholders to monitor, reduce or eliminate risk. • Experience conducting risk and control activities per the Enterprise Risk Management Program and Regulatory requirements. • Experience executing cyber risk management procedures for required assessments, open high risks, root cause analysis, action plan development, remediation documentation and monitoring. • Experience reviewing emerging risks concerns and provides early warning indicators on key risks. • Experience developing, enhancing, or optimizing cyber risk assessment processes, methodologies, or frameworks to drive improved risk identification and management practices. • Experience with NIST frameworks, demonstrated background in applying and implementing NIST standards (e.g., CSF, SP 800-53) to develop, assess, improve cybersecurity controls and practices. • Impeccable written and oral communication skills with ability to influence strategic objectives. Nice-to-haves • 7-10 years of experience in risk management leading risk assessments (FFIEC CAT, GLBA, NIST CSF, PCI, ISO, Cyber Security Management). • 3+ years of experience at Large Financial Institution. • CISSP, CISA, CISM or CRISC certification. • Broad knowledge and understanding of cybersecurity risks and controls, including a strong understanding of IT infrastructure, cloud computing, mobile technologies, and cybersecurity technologies. • Extensive knowledge and subject matter expertise in managing cybersecurity risk in an institutional setting including the related rules and regulations of the financial services industry to include applicable Interagency Guidance, NIST, CSA, FFIEC, OCC, FRB, state law and other pertinent regulations. • In-depth practical knowledge of internal controls, risk assessments and operational and cybersecurity processes, and applicable techniques for implementation of regulatory, cybersecurity, and legal requirements and operational processes. • Strong project management and/or continuous improvement skills. Benefits • The base pay for this position is generally between $160,000 and $210,000. • Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. • For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment. • First Citizens benefits programs are designed to meet our associates where they are in life. • Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. Apply tot his job Apply tot his job