Key Accountability:

• Develop, update, and enforce IT security risk management policies and governance frameworks aligned with regulatory requirements and industry best practices.

• Collaborate with 1st Line of Defense and LHFG entities to ensure effective policy implementation and manage exceptions with clear risk justification.

• Lead independent IT security risk assessments, including threat modeling, vulnerability analysis, and risk quantification across systems, applications, and infrastructure.

• Review and analyze risk registers, security incidents, and control effectiveness to provide timely assurance insights to senior management and governance committees.

• Oversee governance of critical security processes such as change management, security exceptions, and secure software development lifecycle (SDLC).

• Provide independent oversight of IT security architecture and design decisions to ensure compliance with security principles and frameworks.

• Monitor IT system availability risks, including assessment of business continuity (BCP) and disaster recovery (DRP) plans from a cybersecurity perspective, ensuring organizational resilience.

• Engage with cross-functional teams and risk committees to communicate IT security risks, gaps, and recommend mitigation strategies.

Qualifications:

• Bachelor’s degree or higher in Cybersecurity, Information Technology, Computer Science, or a related field.

• 5–8 years of experience in IT security, risk management, or independent assurance.

• Familiarity with security frameworks such as ISO 27001, NIST, and governance models like the Three Lines of Defense.

• Knowledge of security technologies, including SIEM, cloud security platforms (AWS, Azure), and data loss prevention (DLP) solutions.

• Strong analytical skills with the ability to independently provide risk-based assessments and recommendations.

• Relevant security certifications (e.g., CISSP, CISA, CRISC) are a plus.