Head of Cyber Risk Management, Vice President - Crédit Agricole CIB : Job Details

Head of Cyber Risk Management, Vice President

Crédit Agricole CIB

Job Location : New York, NY, USA

Posted on : 2025-08-05T01:24:09Z

Job Description :

This range is provided by Crédit Agricole CIB. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$150,000.00/yr - $180,000.00/yr


Summary:

The Head of Cyber Risk Management is a senior leadership role responsible for establishing, maintaining, and overseeing the organization's comprehensive Cyber Risk Management framework including core components of Governance, Risk, and Compliance. This individual will lead the identification, assessment, mitigation, monitoring, and reporting of cyber risks across the enterprise, ensuring alignment with business objectives, regulatory requirements, and industry best practices. This role requires deep expertise in both cybersecurity principles and risk management methodologies within the context of a complex and highly regulated environment. The Head of Cyber Risk Management will work closely with executive leadership, technology teams, compliance, legal, internal audit, and business units to embed a strong cyber risk culture. The successful candidate will ensure that cyber risk management practices align with the organization's risk appetite, global regulatory obligations (e.g., FFIEC, HIPAA, NYDFS, and DORA), and strategic objectives, ultimately safeguarding sensitive data, intellectual property, and operational continuity.

Key Responsibilities:

· Own, maintain, and mature the organization's Cyber Risk Management Framework (CRMF), ensuring alignment with industry standards (e.g., NIST CSF, CRI, FFIEC) and specific regulatory frameworks applicable to our industry.

· Integrate the Cyber Risk Management program with the overall Enterprise Risk Management (ERM) framework.

· Define and implement cyber risk assessment methodologies (qualitative and quantitative) suitable for diverse assets, including IT, OT/manufacturing systems (if applicable), cloud environments, and third parties.

· Champion the integration of cyber risk considerations into business processes, technology adoption, and strategic initiatives.

· Define the organization's cyber risk appetite and tolerance levels in collaboration with executive management and the Board.

· Oversee the implementation and management of tools and techniques for risk analysis, including threat modeling, vulnerability assessments, and potentially quantitative risk analysis (e.g., FAIR methodology).

· Direct and oversee periodic and event-driven cyber risk assessments across the enterprise landscape.

· Analyze threat intelligence, vulnerability data, and control effectiveness to provide a clear picture of the cyber risk posture.

· Focus specifically on risks related to sensitive data (e.g., client financial data, intellectual property), critical systems (e.g., manufacturing control systems, core financial platforms), and regulatory compliance failures.

· Mature the organization's third-party cyber risk management program, ensuring rigorous assessment and ongoing monitoring of vendors and partners.

Supplementary Information

3. Mitigation Strategy & Control Assurance:

· Integrate the Issue Management Policy and Procedure into the Cyber Risk Management Program; ensure through reporting that the team remains on track for all issues.

· Collaborate with security architecture, engineering, operations, IT, and business units to recommend and prioritize risk mitigation activities and control enhancements.

· Provide expert risk-based guidance on security investments and control design.

· Oversee processes for tracking risk mitigation efforts and validating control effectiveness.

· Develop and manage a process for formal risk acceptance, ensuring appropriate sign-off based on risk severity and potential impact.

· Ensure cyber risk management activities directly support and provide evidence for compliance with relevant regulations (e.g., HIPAA Security Rule, NYDFS Cybersecurity Regulation).

· Serve as a key subject matter expert and point of contact for cyber risk during regulatory inspections and internal/external audits.

· Support validation and qualification activities by providing cyber risk expertise.

Required:

Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field.

Minimum 7-10 years of experience in information security or related field.

Preferred:

Advanced degree (MBA, MS) is strongly preferred.

Relevant industry certifications (CISSP, CISM, GIAC) are strongly preferred.

At least 3 years of experience in a senior leadership role within the banking or financial services industry.

Experience

Reporting & Metrics:

· Develop, track, and report on Key Risk Indicators (KRIs) and cyber risk metrics tailored to different audiences, from technical teams to the Executive Leadership Team and Board committees.

· Maintain an accurate and up-to-date enterprise cyber risk register.

· Communicate the cyber risk landscape, trends, and mitigation progress effectively through dashboards and formal reports.

Team Leadership & Stakeholder Engagement:

· Build, lead, and mentor a high-performing team of cyber risk professionals.

· Foster a culture of risk awareness and proactive risk management across the organization.

· Establish strong partnerships with Legal, Compliance, Internal Audit, Risk Management (if applicable), and other key business functions.

Core Competencies:

Required Qualifications:

· Education: Bachelor's degree in Computer Science, Information Security, Risk Management, Business Administration, or a related field.

· Minimum of 7-10 years of progressive experience in information security and/or risk management.

· Minimum of 5-7 years in a leadership role managing cybersecurity or cyber risk functions.

· Crucially: Demonstrable experience working within a highly regulated industry (e.g., finance, banking, insurance, healthcare, energy, defense). Deep understanding of the specific regulatory requirements pertinent to that industry.

Required Skills

Skills & Knowledge:

· Expert knowledge of cyber risk management principles, methodologies, and frameworks (NIST CSF, CRI, ISO 27001/5, COBIT, etc.).

· In-depth understanding of cybersecurity domains: network security, application security, cloud security, data protection, identity and access management, incident response, vulnerability management, third-party risk.

· Proven ability to translate complex technical issues into understandable business risks and impacts for non-technical audiences.

· Strong understanding of relevant laws, regulations, and industry standards (specify key ones like HIPAA, NYDFS Part 500, CRI, CMMC as applicable).

· Excellent leadership, communication (written and verbal), presentation, and interpersonal skills.

· Strong analytical, strategic thinking, and problem-solving abilities.

· Experience interacting with regulators and auditors.

· Certifications: One or more relevant professional certifications required (e.g., CRISC).

Preferred Qualifications:

· Master's degree in a relevant field.

· Experience implementing quantitative risk analysis models (e.g., FAIR).

· Experience with Governance, Risk, and Compliance (GRC) platforms.

· Direct experience managing regulatory examinations focused on cybersecurity.

· Proven track record of developing and implementing successful enterprise-wide cyber risk programs in complex organizations.

Technical Skills Required

· Strong executive presence with the ability to engage and influence C-suite leaders and board members.

· Proven ability to lead cross-functional teams and drive enterprise-wide resilience initiatives.

· Excellent verbal and written communication skills, with experience presenting to regulators, auditors, and senior stakeholders.

· Ability to thrive in a high-pressure environment, managing crises and business disruptions with a structured and strategic approach.

Incident Management: Ability to analyze, prioritize, and manage security incidents effectively.

Strategic Thinking: Ability to align cyber risk initiatives with business objectives.

Communication and Documentation: Strong ability to ensure thorough documentation and clear communication of security operations activities.

Leadership and Team Management: Proven track record of building and leading high-performing teams.

Regulatory Compliance: Expertise in navigating banking regulations.

Technical Knowledge: Strong knowledge of information security technologies such as vulnerability scanning tools and threat intelligence tools.

Investigations: Strong knowledge of leading security investigations.

Cybersecurity Frameworks: Deep understanding of frameworks such as the NIST Cybersecurity Framework.

Policy and Procedure Development: Proficiency in drafting and enforcing policies, procedures, and playbooks.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Banking and Investment Banking


Inferred from the description for this job

Medical insurance

Vision insurance

401(k)

Paid paternity leave

Paid maternity leave

Child care support

Disability insurance
