Lead – Cyber Risk & Control Monitoring
$118,980–$195,465 per year
On-site · New York City, New York, United States or Bethlehem, Pennsylvania, United States
Job Summary
Lead the design and monitoring of cybersecurity/IT controls to ensure policy compliance, partnering across Cybersecurity, Technology, Risk Management, and Internal Audit. Oversee control design, instrument and automate monitoring, evaluate control performance with data-driven assurance, and drive timely remediation of control gaps. Collaborate with 2nd line and control owners to manage risk exposure, maintain alignment with internal standards, and advance the first-line control monitoring program.

Responsibilities include designing and validating controls prior to go-live, maintaining a prioritized control inventory, identifying coverage gaps and emerging risks, scaling automation to reduce manual evidence collection, and coordinating with audit/regulatory requests. Qualifications include a bachelor’s degree in a related field, 5+ years in cybersecurity/IT risk domains, strong communication and stakeholder skills, experience mapping controls to frameworks (NIST, MAR, COBIT, SOC 2, NYDFS 500), cloud/SaaS security experience (AWS/Azure/GCP), knowledge of AI/ML security considerations, and relevant certifications (CISSP, CISM, CRISC, CISA, Security+, CCSP). This role reports to the Head of Cybersecurity Governance and is based in-office three days per week at New York, NY or Bethlehem, PA. Visa sponsorship is not available.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Technology Risk Management, or a related field (or equivalent experience)
- 5+ years of experience in cybersecurity, architecture, IT risk, or technology audit
- Strong stakeholder management and communication skills; ability to translate technical control results into business risk
- Experience defining control objectives to address risks, designing controls, identifying residual risks, designing assurance approaches (manual and automated)
- Experience working with security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, COBIT, SOC 2, NYDFS 500) and mapping controls across frameworks
- Experience producing management-ready artifacts and facilitating governance forums
- Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls
- Understanding of AI/ML security and governance considerations (data protection, model risk, third-party AI, secure use/monitoring)
- Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns
- Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP)
- Location: New York, NY or Bethlehem, PA with on-site expectations
- Not sponsoring visas (must be legally authorized to work in the United States without employer sponsorship)