Hi,
Position : Lead Cyber and Third-Party Resilience
Location : New York (On-site)
Duration : 12+ Months
Interview Mode : In-person
Need Local Profile
Visa : GC / USC or H4-EAD
JD
Key Responsibilities
Strategic Leadership
o Develop and lead a cyber and third-party resilience strategy aligned to the bank's operational resilience framework and key business services.
o Translate enterprise resilience strategy and regulatory expectations (e.g., FFIEC, DORA, EBA, PRA) into actionable, risk-informed response strategies.
o Establish and manage governance forums and escalation protocols for cyber and third-party resilience oversight.
o Lead implementation across 1LoD teams to ensure timely and effective delivery of resilience capabilities.
o Guide the identification of essential service (ES) dependencies, incorporating cyber and vendor risk into recovery strategies.
o Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD / MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders.
Cyber & Third-Party Resilience
o Partner with Cybersecurity and IT to embed cyber recovery capabilities (e.g., playbooks, failover mechanisms, immutable backups) into essential services.
o Collaborate with Third-Party Risk Management and Procurement to ensure resilience obligations are embedded in contracts, onboarding, and monitoring.
o Partner with the Operational Resiliency Testing Lead to coordinate tabletop exercises, testing, and simulations for high-risk scenarios (e.g., ransomware, CTPSP outage, geopolitical vendor disruption).
o Manage tracking and closure of findings from tests, risk reviews, and regulatory exams related to cyber or third-party resilience.
Process and Technology Optimization
o Drive optimization of cyber and third-party incident response processes using data analytics, metrics and automation opportunities.
o Partner with the Crisis and Incident Management Lead, Cyber, Technology, and Ops teams to align response processes and eliminate gaps in cross-domain coordination.
o Assist in embedding "resilience by design" into technology builds and operational processes, including architecture reviews, solution designs, and procurement processes.
o Support resilience control automation and tooling to reduce recovery time and enhance response coordination.
o Partner with the Business Resiliency Planning Lead to guide BIA execution, dependency mapping, and impact tolerance assessments across technology and third-party ecosystems.
Regulatory Compliance and Audit Readiness
o Ensure full compliance with FFIEC, DORA, EBA, PRA and other regulators.
o Lead regulatory and internal / external audit preparation, ensuring cyber and third-party resilience capabilities are evidenced through documentation, testing evidence, post-incident reviews and corrective actions, and impact tolerance testing results.
o Integrate third-party and cyber risk response coordination into incident response playbooks, ensuring vendor engagement and joint response capabilities are embedded and tested.
o Assist in conducting formal Root Cause Analysis (RCA) and post-incident reviews, identifying systemic issues and implementing corrective actions.
Core Competencies
Operational Execution
o Demonstrated ability implementing resiliency plans, coordinating response efforts and driving complex program delivery across business, technology, cyber, and third-party domains.
o Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
Strategic Vision
o Ability to define and execute cyber and third-party resilience programs aligned with regulatory and business objectives.
o Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
Regulatory Acumen
o Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and EBA.
Operational Discipline
o Demonstrated understanding of impact tolerances, business continuity, disaster recovery, cyber response, and vendor resilience programs.
o Familiarity with resilience-enabling technologies, such as cloud failover, system redundancy, backup architecture, and monitoring tools.
o Skilled in designing, executing, and learning from testing exercises (e.g., cyber breach, vendor outage).
Influence & Communication
o Strong ability to engage and influence executive leadership and cross-functional teams under pressure.
Continuous Improvement
o Embeds lessons learned, metrics, and feedback loops into the resilience lifecycle.
Strategic Communication & Risk Analysis
o Proficient in Microsoft Excel and PowerPoint to analyze complex cyber and third-party data, develop resilience metrics, and create executive-level presentations that inform cybersecurity strategy, enhance third-party oversight, and support key stakeholder decision-making.
Soft Skills & Leadership
o Strong leadership and project management skills.
o Excellent communication and stakeholder management skills, with the ability to influence technical and non-technical teams.
o Analytical mindset with a proactive approach to problem-solving and risk mitigation.
o Ability to thrive in a fast-paced, high-stakes environment with competing priorities.
o Comfortable working in a highly global, diverse, and hybrid (office and virtual) work environment.
o Strong communication and documentation skills.
Thanks & Regards
Niranjan Kumar | Technical Recruiter
Email : niranjan@stellentit.com
Stellent IT | office :