Overview This position provides cybersecurity risk management and expert support at the highest level of cybersecurity governance and oversight for Cyber processes, risks and controls. Creates methods to evaluate potential losses, and develops high-impact solutions to minimize or eliminate risk. Recommends and monitors enhancements to current processes and procedures, performing analysis and reporting in support of strategic objectives. Serves as a resource and may provide a leadership role for the work group through knowledge in the area of specialization. Responsibilities Risk Identification and Monitoring - Leads the design and implementation of process evaluation methods, and the development of expert solutions to address identified risks. Works closely with management to ensure risk strategies are effective and compliant. May involve creation, evaluation, and execution of targeted risk assessments to evaluate risk conditions. Maintains a strong knowledge of cybersecurity risk management developments or changes within the organization, industry, and market. Reporting - Produces reports based on risk management assessments, data analysis, company trends, and risk factors. Conveys root cause analysis, patterns, problems, and areas of improvement. Enables insight into potential risk exposure, losses and mitigation of identified risks through reporting activities. Business Support - Supports cybersecurity processes through a variety of escalated operational tasks. Develops, implements, and ensures continuous improvement of procedures. Acts as a resource to provide guidance to management, including production of documentation, presentations, or other materials to educate on risk policies and procedures. Handles complex technical matters and participates in special projects. Qualifications Bachelor's Degree and 4 years of experience in Cyber Risk management, or Cyber Risk Oversight OR High School Diploma or GED and 8 years of experience in Risk management, or financial analysis, or statistical modeling Requirements: Experience identifying information security risk and partners with key stakeholders to monitor, reduce or eliminate risk Experience conducting risk and control activities per the Enterprise Risk Management Program and Regulatory requirements Experience executing cyber risk management procedures for required assessments, open high risks, root cause analysis, action plan development, remediation documentation and monitoring Experience reviewing emerging risks concerns and provides early warning indicators on key risks Impeccable written and oral communication skills with ability to influence strategic objectives Preferred Qualifications: 7-10 years of experience in risk management leading risk assessments (FFICE CAT, GLBA, NIST CSF, PCI, ISO, Cyber Security Management) 3+ years of experience at Large Financial Institution CISSP, CISA, CISM or CRISC certification Broad knowledge and understanding of cybersecurity risks and controls, including a strong understanding of IT infrastructure, cloud computing, mobile technologies, and cybersecurity technologies. Extensive knowledge and subject matter expertise in managing cybersecurity risk in an institutional setting including the related rules and regulations of the financial services industry to include applicable Interagency Guidance, NIST, CSA, FFIEC, OCC, FRB, state law and other pertinent regulations. In-depth practical knowledge of internal controls, risk assessments and operational and cybersecurity processes, and applicable techniques for implementation of regulatory, cybersecurity, and legal requirements and operational processes. Strong project management and/or continuous improvement skills. Remote eligible. This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants. The base pay for this position is generally between $94,000 and $163,000 per year. Actual starting base pay will be determined based on skills, experience, location and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment. First Citizens benefits programs are designed to meet our Associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined. More information regarding our benefits offerings can be found here: https://jobs.firstcitizens.com/benefits