Head of Cyber Risk
Permanent Role
Location: Hybrid, New York City
Overall Purpose of the Role
This role will serve as the global lead for Cyber Risk from a Second Line of Defence (2LOD) perspective, providing independent oversight, challenge, and subject matter expertise across the organization.
Key Accountabilities
Reporting directly to the Head of Operational Risk - Cyber (who reports to the CRO), this role sits within the Operational Risk team, which is responsible for overseeing all operational risk exposures across the Group. The role specifically focuses on the Service Company and Cyber domains.
Responsibilities include:
Act as the 2LOD subject matter expert (SME) for Technology, Information Security, and Cyber Risk.
Provide independent review and challenge of the First Line of Defence (1LOD) risk management practices, ensuring compliance with the Operational Risk Framework and related policies.
Review and validate Risk and Control Self-Assessments (RCSAs) to ensure they reflect accurate risk profiles and align with quarterly risk reporting and key indicators.
Evaluate and escalate significant risk events and issues, ensuring risks are appropriately managed and reported.
Identify and assess thematic and emerging risks; contribute to scenario analysis and capital planning processes.
Lead and participate in 2LOD Risk Reviews.
Collaborate closely with SME stakeholders across business horizontals and verticals.
Participate in risk committees and forums related to Technology, Cyber, and Resilience, ensuring effective oversight of business remediation plans.
Support the broader Operational Risk leadership team as a senior member.
Stakeholder Management & Leadership
The ideal candidate will:
Build and maintain strong relationships with senior stakeholders, including 1LOD Business Owners, Control Officers, Horizontal Risk Owners, and Internal Audit.
Drive the strategic direction and maturity of 2LOD oversight for Technology, Cyber, and Resilience Risk themes.
Stay ahead of evolving regulatory requirements, sharing best practices and ensuring compliance across relevant risk categories.
Risk and Control Objectives
All responsibilities must be executed in full compliance with regulatory obligations, internal risk frameworks, policies, and standards.
Person Specification
Basic Qualifications:
Bachelor's degree (4-year program or equivalent)
Minimum of 1 year in risk management
Over 10 years of experience in Technology, Cybersecurity, Information Security, Data, or Resilience Risk, with exposure to senior leadership
Preferred Qualifications:
MBA and/or professional certification (e.g., CRISC, CISSP, CISM)
Background in Operational Risk, audit, or internal controls within the financial sector
Proven experience leading risk transformation initiatives in a large financial institution
Deep understanding of the risk landscape across Technology, Cyber, and Resilience within a brokerage or financial services context
Strong leadership, stakeholder management, and relationship-building skills
Excellent communication, analytical, and project management capabilities
Ability to manage multiple priorities, influence cross-functional teams, and deliver value proactively in a dynamic environment
- Location: New York, NY, United States
- Category: Computer And Mathematical Occupations