Director Data and Cyber Risk Management

The Director Data & Cyber Risk Management is responsible for overseeing the global development, implementation, and maintenance of the risk management program covering the company's Data Management and Cyber teams. This program must be aligned with the established risk management framework, policies, and regulatory requirements across all business units and the bank. This role ensures regulatory compliance for relevant risks. Additionally, this role interacts with executives and risk committees providing assessments on data and cyber risks. This role reports to the Chief Operational Risk Officer.

Position Description & Essential Job Functions

Influence the annual goals, objectives, and strategy of data and cyber organizations through risk assessment, training, consultation, and trust. Lead a diverse team of Data and Cyber risk professionals, guiding their responsibilities' evolution. Hire and train new staff, conduct performance reviews, and use subject matter expertise to coach team members.

Facilitate data and cyber risk management across the enterprise. Collaborate with senior leaders to understand needs, practices, and expectations, and influence solutions that support risk management goals. Provide subject matter expertise and oversight in the design and execution of reviews and testing.

Monitor and report on Data and Cyber Risk Appetite and Key Risk Indicators. Partner with Senior Leaders in Data Management and Information Security to establish action plans. Develop presentations on the overall data and cyber risk profile for Enterprise Risk Committees and the Bank Board of Directors. Monitor the Technology Risk landscape and develop strategies for risk avoidance.

Develop the data and cyber risk strategy annually and drive the roadmap of risk assessments to measure progress. Address imminent risks that could hinder the organization's strategic objectives. Partner with the Chief Information Security Officer to set annual goals and objectives. Maintain relationships with regulatory agencies and participate in regulatory exams.

Minimum Qualifications

Bachelor’s Degree in management information systems, computer science, data science or related field of study or equivalent, relevant work experience.

10+ years of experience working in technology risk, information security, control management/assessments, or technology audit.

7+ years of direct leadership experience

Preferred Qualifications

One or more IT Certifications related to Risk, Audit, Info Sec, or Privacy e.g., CISSP, CISM, CISSP, CDPSE.

Experience with data and cyber risk and control frameworks, including leveraging those frameworks to evaluate control effectiveness and communicate residual risk.

Skills, Control Assessment, Control Frameworks, Information Technology Auditing, IT Risk Analysis

People Leadership, Technology Risk

Reports To: VP and above & Direct Reports: 6 - 10

Work Environment

Normal office environment. As a senior leader, must work at a Bread Financial office a minimum of 6 days per month. Ability to travel 6 days a month if not located near a Bread Financial office.

Travel

Ability to travel up to 5% quarterly