Head of Cyber Risk Management

Groupe Crédit Agricole

New York, NY, USA
Posted on Jun 18, 2025

Job description

Summary:
The Head of Cyber Risk Management is a senior leadership role responsible for establishing, maintaining, and overseeing the organization's comprehensive Cyber Risk Management framework, including the core components of Governance, Risk, and Compliance. This individual will lead the identification, assessment, mitigation, monitoring, and reporting of cyber risks across the enterprise, ensuring alignment with business objectives, regulatory requirements, and industry best practices. This role requires deep expertise in both cybersecurity principles and risk management methodologies within the context of a complex and highly regulated environment. The Head of Cyber Risk Management will work closely with executive leadership, technology teams, compliance, legal, internal audit, and business units to embed a strong cyber risk culture. The successful candidate will ensure that cyber risk management practices align with the organization's risk appetite, global regulatory obligations (e.g., FFIEC, HIPAA, NYDFS, and DORA), and strategic objectives, ultimately safeguarding sensitive data, intellectual property, and operational continuity.

Key Responsibilities:

1. Cyber Risk Framework Leadership:
· Own, maintain, and mature the organization's Cyber Risk Management Framework (CRMF), ensuring alignment with industry standards (e.g., NIST CSF, CRI, FFIEC) and specific regulatory frameworks applicable to our industry.
· Integrate the Cyber Risk Management program with the overall Enterprise Risk Management (ERM) framework.
· Define and implement cyber risk assessment methodologies (qualitative and quantitative) suitable for diverse assets, including IT, OT/manufacturing systems (if applicable), cloud environments, and third parties.
· Champion the integration of cyber risk considerations into business processes, technology adoption, and strategic initiatives.
· Define the organization's cyber risk appetite and tolerance levels in collaboration with executive management and the Board.
· Oversee the implementation and management of tools and techniques for risk analysis, including threat modeling, vulnerability assessments, and potentially quantitative risk analysis (e.g., FAIR methodology).
2. Risk Assessment & Analysis:
· Direct and oversee periodic and event-driven cyber risk assessments across the enterprise landscape.
· Analyze threat intelligence, vulnerability data, and control effectiveness to provide a clear picture of the cyber risk posture.
· Focus specifically on risks related to sensitive data (e.g., client financial data, intellectual property), critical systems (e.g., manufacturing control systems, core financial platforms), and regulatory compliance failures.
· Mature the organization's third-party cyber risk management program, ensuring rigorous assessment and ongoing monitoring of vendors and partners.