Our client is the Global Head of Governance, Risk and Compliance (GRC), of a Fortune 500 multinational conglomerate, who is seeking to hire a Director of Enterprise Cyber and Technology Risk Oversight. This will be a senior leadership position responsible for strategically managing and governing the entire cyber and technology risk environment.

In this role you will lead a team of professionals and provide executive oversight to the managed services provider (MSP) tasked with conducting cyber risk assessments of technology, third-party reviews, and emerging technology.

As a senior leader, the Director sets the strategic vision, establishes risk tolerance thresholds, and ensures consistent execution of risk processes across the enterprise. Additionally, the Director oversees key risk functions, including operational risk management of the cyber/IT risk registers, handling findings, and managing cyber risk aspects of M&A and divestiture activities.

Key Responsibilities:

Strategic Leadership:

• Develop and implement a comprehensive cyber and technology risk management strategy aligned with organizational goals.
• Set strategic vision and establish risk tolerance thresholds.

Risk Assessment and Management:

• Oversight of the identification, assessment, and prioritization of cyber and technology risks.
• Oversight the development and execution of risk mitigation plans.

Team Leadership:

• Manage and mentor a team of Cyber risk management professionals.
• Foster a culture of risk awareness and proactive management.

Governance and Compliance:

• Ensure compliance with relevant industry standards, regulations, and best practices through risk assessments.
• Oversee the execution of risk processes consistently across the enterprise.

Vendor and Third-Party Oversight:

• Provide executive oversight of managed services providers responsible for assessments, third-party reviews.

Operational Risk Management:

• Oversee operational risk functions, including cyber/IT risk registers and finding management.
• Manage cyber risk components of M&A and divestiture activities.

Reporting and Communication:

• Communicate risk management strategies and outcomes to executive leadership and stakeholders.
• Prepare and present risk reports and dashboards.

Requirements:

• Bachelor’s degree or higher (completed and verified prior to start)
• Ten (10) years of experience in Cybersecurity in a private, public, government or military environment
• Five (5) years of management and/or supervisor experience
• Deep understanding of cyber risk frameworks and methodologies (NIST CSF/RMF, ISO 27001/27005, COBIT, etc.)
• CISSP certification or one of the following certifications such as SANS, ISACA (CGEIT, CISA, CISM, ISO 31000 CRISC, ISO 27001 Lead Auditor). Multiple certifications from the list above are preferred
• Experience overseeing third-party cyber risk processes
• Familiarity with GRC tools and risk tracking platforms (e.g., ServiceNow, Archer, OneTrust)
• Experience working with managed service providers or co-sourced risk execution models
• Strong leadership presence and communication skills across technical and business stakeholders

Additional qualifications that could help you succeed even further in this role include:

• Master’s degree in computer engineering, computer systems or information technology field from an accredited institution
• Excellent communication, negotiation, and relationship-building skills.
• Strong analytical and problem-solving skills
• Ability to work collaboratively with internal teams and external vendors.