US Cyber Regulatory CRI Profile Program Manager

May 14, 2026

Job Description

Company: Capgemini

Location: New York, US

New York, NY, United States (On-site)

Contract (6 months 8 days)

Published 2 days ago

stakeholder management

CISSP

Cybersecurity Governance

Power BI

root cause analysis

data analysis

Microsoft Excel


The Americas Cybersecurity Governance, Risk and Compliance (GRC) Senior Support Specialist is responsible for leading and delivering key US cyber regulatory governance and reporting obligations, ensuring the organization maintains compliance with applicable cybersecurity regulations and effectively manages cyber risk.


The role supports the Americas Cybersecurity GRC Lead and US CISO by owning end-to-end execution of time-bound regulatory programs and submissions, producing regulator-ready artifacts and maintaining repeatable, auditable processes.


The role provides oversight and effective challenge of the regional cybersecurity risk profile, risk appetite metrics and control effectiveness, and drives remediation follow-up when metrics indicate noncompliance or risk appetite breaches. Working in partnership with Group Cybersecurity teams, the broader GRC Regulatory Compliance teams, technology and control owners (including non-US IT Service Owners) and the regional Chief Controls Office, the role coordinates regulatory deliverables such as the CRI Profile assessment, GLBA reporting, NYDFS attestation support, bimonthly regulatory meeting materials and ad hoc regulatory requests, ensuring high-quality outcomes and operational resilience across US Cyber governance forums.

Role Description:


Broad understanding of cybersecurity across Security Operations, engineering, technology controls and tooling, with the ability to translate technical topics into clear regulatory and executive-level messaging


Strong knowledge of IT (preferably cybersecurity) governance, risk management and compliance, including experience assessing cyber regulatory compliance and supporting regulatory exams and inquiries


Demonstrated program management capability with end-to-end ownership of time-bound, non-discretionary regulatory deliverables (e.g. CRI Profile assessment, GLBA reporting, NYDFS attestation support), including planning, execution, quality control and submission readiness


Proven ability to develop and maintain repeatable, auditable operating models by documenting processes and building program artifacts (procedures, templates, guidance, training materials, trackers and evidence repositories)


Ability to analyze and interpret cybersecurity risk and control metrics (KPI/KRI/KCI), identify data discrepancies, drive root-cause analysis with stakeholders and track remediation actions through to closure


Strong stakeholder management skills, including the ability to coordinate across 1LOD, 2LOD, CCO Tech, Group Cybersecurity, technology teams, control owners and non-US ITSOs to deliver outcomes on schedule


Excellent written and verbal communication skills, with the ability to produce clear, concise, well-evidenced materials fit for senior management, the Board of Directors and regulatory bodies


Ability to lead through influence, prioritize effectively across competing deadlines and coordinate the tasking of others, including contractors or virtual team resources, when required


Ability to provide responsive support for ad hoc regulatory requests, including rapid evidence gathering and issue resolution, with appropriate sensitivity to the US regulatory environment


Proficiency with Microsoft tools (Word, Excel, PowerPoint, SharePoint, Power BI, Teams) and collaboration platforms (e.g. Confluence) to manage workspaces, reporting and regulatory artifacts


Strong attention to detail and a continuous improvement mindset, proactively identifying opportunities to reduce cycle time, stakeholder friction and execution risk year over year

Qualifications:


Bachelor's degree in a relevant discipline (e.g. IT/Risk) or equivalent work experience


One or more industry certifications (e.g. CISSP, CISA, CISM) preferred


Strong demonstrated program management experience, including end-to-end ownership of time-bound regulatory deliverables (e.g. FFIEC CAT/CRI Profile-type assessments and GLBA reporting), including planning, execution, quality control and submission readiness


Prior experience with US Financial Services regulatory (OCC, FRB) engagement, experience in dealing with compliance matters and regulatory liaison is preferred; knowledge of US Financial Services regulatory requirements is required


Ability to build strong relationships and communicate on complex issues with a wide spectrum of stakeholders


Ability to efficiently operate and analyze large data sets in Excel; proficiency with Microsoft tools (Word, Excel, PowerPoint, SharePoint, Power BI, Teams)


Comprehensive understanding of banking and cybersecurity in the context of wider industry trends and direction


Strong written and verbal communication skills, including the ability to translate technical subject matter for non-technical audiences, with excellent attention to detail

Key Responsibilities:


Leads delivery of mandatory United States cybersecurity regulatory programs and submissions, including planning, execution, quality control and readiness for submission


Coordinates and delivers the annual report required under the Gramm-Leach-Bliley Act for the Board of Directors, including managing inputs from many stakeholders and ensuring consistent quality year over year


Supports regulatory engagement and examinations by coordinating responses, gathering evidence and ensuring materials are complete, accurate and suitable for regulators and senior leadership


Builds and maintains repeatable, auditable ways of working by documenting processes and maintaining templates, guidance, training materials, trackers and centralized evidence repositories


Produces clear, well-evidenced reporting and briefing materials for senior management, the Board of Directors and regulators on cybersecurity risk, compliance status and program outcomes


Reviews cybersecurity risk and control performance metrics, identifies data issues, drives root cause analysis with stakeholders and tracks remediation actions through closure


Prepares materials and action tracking for recurring regulatory governance routines, including meeting packs, follow-ups and escalation of delivery risks and dependencies


Maintains the annual New York State cybersecurity attestation support process, including evidence coordination and leadership briefing materials, to enable confident sign-off


Drives remediation governance for United States cybersecurity control gaps by obtaining remediation plans from control owners, tracking progress and coordinating closure


Provides governance oversight for the United States cyber service sustainability forum by reviewing remediation plans, ensuring noncompliance is escalated for business decision and flagging funding risks that could impact service sustainability


Represents United States cybersecurity in application security governance forums and acts as the point person for issue resolution and follow through


Leads through influence across cybersecurity technology risk and controls teams, including coordinating the work of others when needed to meet fixed regulatory deadlines

The pay range that the employer in good faith reasonably expects to pay for this position is $36.98/hour – $57.79/hour. Our benefits include medical, dental, vision and retirement benefits. Applications will be accepted on an ongoing basis.

Tundra Technical Solutions is among North America’s leading providers of Staffing and Consulting Services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations.

Source: Indeed