Director, Cyber Risk Operations (Global ROC)

Key Responsibilities

Cyber Risk Operations & Strategy

• Design and stand up a global Cyber Risk Operations Center (ROC), including operating model, workflows, tooling integration, metrics, and governance.
• Define and operationalize a consistent framework for identifying, prioritizing, tracking, and remediating cyber and infrastructure risk.
• Partner with security architecture, infrastructure, cloud, and application teams to embed risk management into day-to-day operations.

Technology & Infrastructure Risk Management

• Own enterprise technology risk visibility across on-prem, cloud, hybrid, and SaaS environments.
• Lead risk assessment and exception management processes, including risk acceptance, compensating controls, and executive-level risk reporting.
• Drive secure configuration assessment and risk management aligned to industry standards (CIS, NIST, Microsoft benchmarks, etc.).

Cloud Exposure & Attack Surface Management

• Oversee cloud security posture, exposure management, and attack path analysis across Azure and multi-cloud environments.
• Leverage tools such as Wiz, Azure Security Center / Defender, and related platforms to identify toxic combinations, misconfigurations, and high-risk attack paths.
• Partner with cloud engineering teams to prioritize remediation based on risk and business impact.

Vulnerability & Endpoint Risk

• Lead vulnerability management and endpoint exposure programs using tools such as Qualys and CrowdStrike.
• Ensure risk-based prioritization of vulnerabilities beyond CVSS, incorporating exploitability, asset criticality, and exposure.

Identity & Access Risk

• Oversee identity-related risk management, including privileged access, misconfigurations, and conditional access gaps using Microsoft Entra ID and related tooling.
• Partner with IAM teams to reduce identity-driven attack paths and enforce least privilege at scale.

Third-Party Risk Management

• Own the cyber risk aspects of third-party and supply chain risk, including technology assessments, ongoing monitoring, and issue remediation.
• Integrate third-party risk insights into enterprise risk reporting and decision-making.

Leadership & Stakeholder Engagement

• Build and lead a high-performing, globally distributed team of cyber risk professionals.
• Communicate complex technical risk clearly to executives, auditors, and non-technical stakeholders.
• Provide regular risk posture updates to senior leadership, including trends, systemic issues, and material risks

Qualification & Requirements

Required

• 12+ years of experience in cybersecurity, infrastructure security, or technology risk, with 5+ years in senior leadership roles.
• Deep technical background in enterprise infrastructure, cloud platforms (especially Azure), identity systems, and security architecture.
• Hands-on experience with tools such as Qualys, CrowdStrike, Wiz, Azure Security/Defender, and Microsoft Entra ID
• Proven experience building or scaling cyber risk, vulnerability management, or exposure management programs.
• Strong understanding of cyber risk frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS).
• Demonstrated ability to translate technical findings into business-relevant risk decisions.

Preferred

Benefits

No information available.