Americas Regional CISO & Wholesale CISO

Job Description

Company: RED SKY Consulting

Location: New York, US

Job Title: Americas Regional CISO & Wholesale CISO

Location: Hybrid Onsite in NY 2x/week

Type: Direct Hire

Bottom Line / In a Nutshell:
• Regulatory & Board Experience: Proven experience dealing with regulators (specifically US ones like SEC/FINRA) and presenting to corporate boards. Must be able to articulate complex security topics in simple, layman’s terms.
• Wholesale Financial Services Knowledge: Strong understanding of the wholesale banking business, including equities, fixed income, and securities products. Must understand the technology and risk systems involved (e.g., order management systems).
• High Emotional Intelligence (EQ) & Political Acuity: Ability to manage up, down, and across a complex matrix organization. Must be a collaborative leader, not an “ass-kicking robot,” to be successful with the team and stakeholders like the CIO of Wholesale.
• Team Leadership & Management: Experience managing and leading a sizable security team, with the sensitivity to manage a team transitioning from a long-tenured and beloved leader.
• Global & Regional Perspective: Ability to operate in a dual role, managing regional CISO responsibilities for the Americas while also driving the global security agenda for the wholesale business line.

Job Description:

This executive role provides leadership of our Information Security function for the Americas region (AMER) and the Global Wholesale Business Unit. Combining regional and BU security responsibilities, this role ensures consistent application of global information security policies, standards, controls and practices across the Americas and Wholesale, while partnering closely with regional business, technology and risk stakeholders.

In addition, this position serves as the Global Head of Security R&D and Innovation, working with business and technology teams and cyber startups to identify, test, and develop new security solutions. The role also supports Investment Banking (IB) by identifying startups for funding, partnership, and collaboration opportunities, including the development of cyber-centric funds and alignment with the firm’s research arm.

Key Responsibilities:

Leadership & Organizational Impact
• Represent the global CISO organization at C-suite and Board levels with executive presence and gravitas; act as a visible ambassador for security across the firm.
• Build and scale high-performance, diverse teams across the region and BU, with strong talent development, succession planning and retention outcomes.
• Define clear organizational structures, roles and responsibilities, and governance operating models that balance centralized control with regional autonomy.
• Own a defined span of control (direct reports and key teams may include incident response, SOC/operations, identity & access, security architecture, risk & assurance, and vendor risk management).
Strategic & Commercial Acumen
• Apply strong commercial judgement to balance security risk reduction with business enablement and cost-effective program delivery.
• Develop multi-year security roadmaps and convert them into measurable business outcomes and robust investment cases.
• Prioritize competing initiatives, allocate resources effectively, and deliver results within time and budget constraints.
• Manage assigned security budget and financial authority consistent with Group CISO delegations.
Strategic Transformation Leadership
• Translate global CISO strategy into sequenced, measurable regional and BU roadmaps.
• Simplify and evolve security policies, standards and control frameworks to increase effectiveness and operational adoption.
• Lead cultural change to embed risk-aware behaviors across the AMER region and Wholesale, using targeted communications, training, incentives and role-modelling.
• Champion pragmatic innovation in governance and controls, leveraging automation, analytics and tooling to increase efficiency, transparency and assurance.
Regulatory & Compliance Leadership
• Maintain deep familiarity with global and regional financial services regulations; engage regulators, respond to examinations and remediate findings.
• Interpret evolving regulatory requirements and embed compliance-by-design into policies, processes and controls.
Risk & Assurance Governance
• Establish or mature assurance functions (security risk management, control testing, risk reporting) and coordinate with internal audit and external assessors.
• Use quantitative and qualitative metrics to drive risk-based decision making and continuous improvement.
Technology & Process Modernization
• Leverage automation, orchestration and analytics to scale governance, risk assessment, control monitoring and reporting.
• Apply governance for modern cloud, hybrid and third-party ecosystems, including outsourcing, cloud adoption and vendor risk management considerations.
Program Delivery & Change Management
• Deliver complex, cross-functional transformation programs requiring strong change management, stakeholder alignment and benefits realization.
• Apply disciplined program governance (risk-based prioritization, dependency management and stage-gate oversight).
Communication & Influence
• Communicate complex security concepts clearly to technical and non-technical audiences, including executives and Boards.
• Secure executive sponsorship and align multi-stakeholder agendas through strong negotiation and influence.
Cross-Cultural & Regional Expertise
• Demonstrate cultural sensitivity and practical experience engaging with Japanese corporate stakeholders and global teams.
• Lead and integrate regional security practices across Asia and global hubs, ensuring consistency while respecting local requirements.
Operational Details & Expectations
• Geographic remit: Americas and Wholesale BU globally.
• Travel: Frequent regional and international travel expected (typical range 25-30%).
• On-call/incident response: Participate in executive incident response as required for major incidents and regulatory escalations.
• Employment type: Permanent; competitive senior executive compensation and benefits.

Required Experience & Qualifications:

Professional Experience
• 20-25 years’ experience in Information Security and/or Information Technology, with at least 15 years in senior security roles within top-tier financial services organizations.
• Proven track record leading enterprise-wide security programs, navigating complex regulatory environments and delivering organizational transformation.
Technical Expertise
• Strong practical knowledge of security frameworks and standards (e.g., ISO 27001, NIST, CIS, COBIT), and experience implementing and operating control frameworks in global environments.
• Deep expertise in enterprise risk management, control framework design and delivery of large-scale security transformation programs.
• Hands-on experience modernizing security governance structures and implementing automation and innovative control mechanisms.
Leadership Capabilities:
• Strategic leader with demonstrated success influencing at executive and board levels, building high-performing teams, and driving organizational change in matrixed global organizations.
• Proven ability to work effectively with business leaders, regulators and technology partners and to lead cross-cultural teams.
Education & Certifications:
• Master’s degree or higher in Computer Science, Information Security, Business Administration or a related field preferred.
• Executive-level security certification required (CISSP or CISM).
• Advanced risk management certifications (CRISC, CISA) strongly preferred.
• Additional relevant industry certifications advantageous.

Key Success Metrics (examples):
• Reduction in critical control gaps and percentage decrease in time-to-remediate year-on-year.
• Improvements in detection and response metrics (time-to-detect, time-to-respond).
• Stakeholder satisfaction and engagement scores (targeted improvement in senior management and business unit leader feedback).
• Closure rate and timeliness of audit and regulatory findings.
• Successful delivery of roadmap milestones and measurable business outcomes from security initiatives.

Impact Areas:

This Managing Director will shape our security strategy across the Americas and Wholesale, driving governance improvements, elevating risk management capabilities and fostering a risk-aware culture. The role will influence global security initiatives and best practices across our international operations.

Department Context:

Operating within GCIO’s global framework, this executive position is central to our operational resilience and technology strategy. The role leads critical security transformation initiatives, builds robust security capabilities across the business, and enhances cross-regional collaboration while maintaining alignment with local requirements and business objectives.

Competencies:

Explore Insights & Vision
• Identify the underlying causes of problems faced by you or your team and define a clear vision and direction for the future.
Making Strategic Decisions
• Evaluate all the options for resolving the problems and effectively prioritize actions or recommendations.
Inspire Entrepreneurship in People
• Inspire team members through effective communication of ideas and motivate them to actively enhance productivity.
Elevate Organizational Capability
• Engage proactively in professional development and enhance team productivity through the promotion of knowledge sharing.
Inclusion
• Foster a culture of inclusion and psychological safety in the workplace and cultivate a “Risk Culture” (Challenge, Escalate and Respect).

THIS IS A GREAT OPPORTUNITY WITH A FIRST-CLASS COMPANY

RED SKY Career Opportunities at: redskyconsulting.co/career-portal

RED SKY Consulting Candidate and Client Referral Program!

2500

Do you know other IT professionals?

Turn those relationships into Money & help friends get work

RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.

If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.

If we employ or place that individual or place people into that company thru that manager

RED SKY Consulting Company Overview:

We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, with the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.

The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.

Keys: CISO, Financial Services, Banking, Wholesale, Cybersecurity

Source: Lensa