Director - Operational Risk, Cybersecurity

Overview

Director, Operational Risk Management Oversight – Cybersecurity Risk

Citizens is hiring a Director to join our Operational Risk Management Oversight team with a focus on cybersecurity risk. This leadership role provides independent oversight, review, and challenge of cybersecurity-related risks across the enterprise. You will collaborate with senior stakeholders to ensure material risks are well defined, effectively managed, and aligned with regulatory expectations. Strong knowledge of emerging technology risks, cybersecurity standards, best practices, and U.S. regulatory requirements is essential.

Responsibilities

Lead a team of three providing independent oversight and challenge of cybersecurity risk management activities within the first line of defense. Evaluate formal risk program activities including Risk and Control Self-Assessments, issues management, controls management, and new business initiative risk assessments.

Advise first line risk partners on complex risk issues while assessing aggregate enterprise-wide risks. Collaborate across all three lines of defense, escalate emerging risk issues requiring remediation, and drive accountability. Maintain strong relationships with internal stakeholders and regulatory agencies.

Monitor external trends and regulatory priorities to assess impact on the enterprise risk profile. Partner with stakeholders to implement mitigation strategies.

Participate in cybersecurity incident response activities to ensure real-time risk assessment and appropriate mitigation. Post-incident, lead or contribute to root cause analysis and recommend next steps.

Conduct targeted risk assessments on emerging issues to provide independent opinions on enterprise impact.

Operate within governance structures while identifying opportunities to improve efficiency and effectiveness. Manage policy and program governance and perform assurance activities to assess compliance.

Engage with business areas to provide domain-relevant advice, monitoring, and credible challenge to ensure the Operational Risk Management Program is effectively implemented.

Required Experience

8+ years demonstrated cybersecurity domain expertise

4+ years risk management experience in financial services

Expert knowledge of cybersecurity risks and controls

Experience in a financial services organization under strong regulatory oversight

Ability to build and maintain senior executive relationships

Proven leadership experience managing teams

Strong decision-making and judgment skills

Ability to challenge status quo and influence outcomes

Excellent business writing and communication skills

Proficiency in MS Word, Excel, PowerPoint, and Visio

Education and Certifications

Bachelor’s degree required

Preferred certifications : CISSP, CISM, CISA, CRISC, or other relevant risk certifications

Work Schedule and Location

Hours per Week : 40

Locations : Johnston RI, Boston MA, Westwood, MA, Iselin NJ

Schedule : Monday–Friday

Pay Transparency

The salary range for this position is $175,500-$230,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity / paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https : / / jobs.citizensbank.com / benefits.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status / parenthood, medical condition, military or veteran status, national origin, pregnancy / childbirth / lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and / or local laws. Employment decisions are based solely on merit, qualifications, performance and capability.

#J-18808-Ljbffr