Advance your potential – and reach your goals

We are seeking aManagerof Cybersecurity Governance to join our dynamic teamreporting to theDirector of Cybersecurity Governance and Risk.This rolewillleadthedevelopmentof a comprehensive technology and cybersecuritygovernanceframework tailored to ouron-premiseandcloudenvironments. This role is critical in ensuring that our company'stechnology and cybersecuritypractices are compliant with regulatory requirements and industry standards, while alsoeffectivelyidentifyingrisks.

Members of the Cybersecurity Governance team are motivated, detail-oriented, and thrive in a collaborative environment where they will add value to key business partners. This position will require you to be adaptive, willing to drive change and innovation, and work in a fast-paced environment requiring collaboration and the ability to organize and prioritize assignments.

Responsibilities:

• Establish andmaintainasecurity governance frameworkbased on the National Institute of Standards and Technology (NIST) Cybersecurity Frameworkto ensure effective oversight and accountability.

• Oversee thetechnology and cybersecurity policy program, which includes policyand controldrafting,facilitatingcross-functional input,and enforcement of policies, procedures, and controls.

• Maintain the company’s technology and cybersecurity riskandcontrolsmatrix in alignment with multiple frameworks, including SOC2,CIS,PCI, NIST CSF,NIST 800-53, and NYDFS Part 500.

• Leadtheannualenterprisetechnology and cybersecurity riskassessment.

• Establish an automatedtechnology and cybergovernance risk and compliance (GRC) program to continuouslymonitorand report on technology and cyber risk and control effectiveness.

• Lead the company’s annual NYDFS Part 500 Cybersecurity self-assessment.

• Oversee andfacilitatethe annual SOC2 audit and any exams and assessments focused on technology and cybersecurity controls from state examiners, regulators, and OneMain partners.

• Educate,influenceandprovide clear directives for technology projects, either directly or through committees, to ensure the consistent application of policies,standardsand controlsacross all technology projects,systemsand services.

• Partnerand coordinatewith the enterprise risk management team, internal audit, and otherfunctions withinthe cyber risk team to ensureappropriateoversightand management of cyber risks and controls in-line with OneMain’s enterprise riskmanagementframework.

• Partner with cybersecurity architects, engineers, andtechnologyoperations teams to ensuregovernance programsforaccess privileges,applications, cloud environments, asset management, artificial intelligence, and other technology functionsareimplementedandmaintainedaccording tocybersecuritystandardsand guidelines.

• Lead a metrics and reporting program to measure the efficiency and effectiveness of the cybersecurity program for senior management providing insights,trendsand recommendations.

Qualifications:

• Bachelor's Degree with a focus in Cybersecurity, Information Technology disciplines or equivalent experience.

• Minimum of 5 - 7 yearsofexperience inplanning, designing,implementingand managingtechnology and cybersecurity governanceandcontrolsframeworkin the financial industry or other regulated industry. 

• Minimum 3 - 5 years in a leadership rolewith a strong ability to influence peers,leadersand team members at all levels and across functional lines.

• In-depth knowledge of cybersecurity frameworks, such as NIST, SOC2,andCIS.

• In-depth knowledge of cybersecurity laws and regulations, industry standards and best practicesincludingGLBA 501(b),NYDFSand PCI.

• Excellent verbal and written communication and presentation skillswith the ability to prepare and deliver complex data in a way that is concise/understandable.

• Strong organizational and program management skills. Ability to effectively respond to shifting priorities and assignments.

• Sound analytical, problem solving andresearchskills.

• Proficient incomputerskills in Microsoft Office suite - Word, Excel, and PowerPoint.

• Familiarity withGRC, metrics, and reporting tools likeArcher,Anecdotes,Power BI, or equivalent software a plus.

• Self-motivation with proven ability to be adaptable to a dynamic, fast-pacedwork environment with multiple priorities and strict timelines.