Threat Oversight Officer

About The Position

Requirements

• Bachelor’s degree in Information Security, Risk Management, Information Technology or related field required.
• 5+ years of recent and progressive knowledge and experience in a cybersecurity, IT risk management, or audit role within a financial services environment
• Equivalent combination of education, training, certifications, and/or relevant work experience may be considered.
• Provide an exceptional level of service for internal and external customers, with the ability to build and maintain positive, professional relationships, to successfully interact with all levels of management and functional and cross-functional areas across the organization.
• Excellent listening, verbal, written, and visual communication skills, with the ability to translate complex risk information into clear, actionable reporting and presentations for technical and non-technical audiences.
• Ability to read, write, speak, and understand English well.
• Strategic in approach to problem solving and decision-making, with demonstrated ability to quickly focus on key issues and make decisions under pressure of time constraints.
• Strong analytical and critical thinking skills, with the ability to independently assess risk decisions and constructively challenge first-line assumptions and conclusions.
• Thorough knowledge and understanding of cybersecurity and regulatory frameworks, including NIST CSF, FFIEC guidance, ISO 27001/27005, SOX, and GLBA/Interagency Guidelines.
• Knowledge of the Three Lines of Defense operating model and its application in enterprise risk management, including coordination among business operations, independent risk oversight, and internal audit functions.
• Strong planning, organizational, time management, and follow-up skills, demonstrating a strong sense of urgency and ability to execute quickly, timely and efficiently; independently ensuring that priorities are set and commitments and deadlines are met with minimal direction and oversight.
• Unquestionable integrity in handling sensitive and confidential information required.
• Proficient and advanced use and understanding of MS Office products (Word, Excel, Outlook), with the ability to adapt to and learn new technologies quickly.

Nice To Haves

• Professional certifications as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Microsoft Azure or equivalent preferred.

Responsibilities

• Oversees and maintains the Cybersecurity Risk Management Framework, aligning to FFIEC, NIST CSF, and the bank’s Information and Cyber Security Program.
• Maintains and continuously updates cyber risk taxonomies, classification models, and impact assessment criteria.
• Independently reviews and challenges 1LoD cybersecurity risk assessments, control self-assessments (CSAs), and remediation plans.
• Provides formal risk opinions on major technology initiatives, digital transformation efforts, and cloud or third-party onboarding.
• Leads and/or supports thematic reviews of cybersecurity initiatives and emerging risk areas (e.g., zero trust architecture, multi-factor authentication (MFA) implementation, and AI usage) to evaluate risk exposure, control effectiveness, and alignment with security standards.
• Develops and maintains cybersecurity risk metrics and key risk indicators (KRIs) to ensure alignment with the organization’s risk appetite.
• Prepares and delivers executive and board-level risk reporting, highlighting trends, emerging threats, and control gaps.
• Leads and oversees the annual planning of security testing activities to ensure appropriate coverage of key systems and risks.
• Reviews and monitors risk acceptances, control exceptions, audit/regulatory findings, and enforce timely remediation of items.
• Ensures risk acceptance processes include clear compensating controls, expiration timelines, and documented approvals.
• Provides independent cyber risk oversight for third-party vendors, especially those handling sensitive data or key infrastructure.
• Supports cybersecurity components of internal audits and regulatory examinations (e.g., FDIC, OCC, FFIEC).
• Leads and manages the Bank’s Threat Intelligence program and Information and Cyber Security Council.
• Maintains up-to-date understanding of evolving cybersecurity regulatory expectations.

Benefits

• total rewards package, which includes base salary based on the role, experience, and skill set, along with an exceptional benefits package (medical, dental, vision, life insurance, 401(k), community volunteer time), and generous time off policy.
• Full-time team members receive a minimum of 10 paid vacation days annually and eight hours of paid sick leave per month, while also enjoying 11 paid holidays each calendar year, and an annual float day.