Cyber Sec Lead-TPRM, Risk Assessments, Policy Exceptions (7-10yrs relevant exp)

The Opportunity

"As the Lead for Cybersecurity - Risk Management, you will act as a partner between FICO internal security standards and our expanding global supply chain. In this high-impact role, you will lead the charge in identifying, evaluating, and mitigating risks across both our internal IT landscape and our third-party ecosystem. You will act as a trusted advisor to FICO senior leadership, ensuring that our technical growth remains aligned with our risk appetite in a data-driven analytics environment".- Cyber Security, Director

What Were Seeking

• 710 years of experience across Information Security, IT Audit, or Cybersecurity Risk Management. You have a proven track record of assessing complex enterprise environments.
• Deep knowledge of IT infrastructure, cloud security (AWS/Azure), and application security. You know how to read a SOC 2 Type II report or a pen-test result and find whats not being said.
• Expert-level understanding and hands-on experience applying global privacy regulations (GDPR, CCPA, HIPAA, SOX, GLBA) and assessment standards (SIG, ISO 27001, PCI DSS, NIST AI RMF, NIST CSF, NIST RMF) to real-world business challenges.
• Exceptional ability to present complex risk ideas to both engineering teams and executive leadership, anticipating objections and driving consensus.
• Bachelors or Masters degree in a technical field. Highly preferred certifications include CRISC, CISA, CISM, or CISSP, ISO 27001:2022 Lead Auditor/Lead Implementer, ISO 42001:2023 Lead Auditor/Lead Implementer, PCI QSA, etc.

What Youll Contribute

• Lead the end-to-end lifecycle for both Internal Risk assessments and Third-Party Risk (TPRM). You will conduct deep-dive security assessments of internal systems, cloud environments, and vendor platforms to ensure no gaps exist in our defensive posture.
• Design, enhance and operationalize advanced risk-tiering methodologies and assessment workflows. You will integrate frameworks like NIST CSF, ISO 27001, PCI DSS into a unified risk management program.
• Evaluate the technical design and operating effectiveness of security controls across internal business units and external partners.
• Serve as the functional Lead for Process Unity, optimizing the platform to automate workflows and provide a real-time "single source of truth" for the firms entire cyber risk profile.
• Ensure the program meets the highest standards of regulatory excellence, specifically regarding PCI DSS, ISO 27001, CSA STAR and SOC 2, while maintaining a state of constant audit-readiness.
• Help us enhance how we vet third-party AI. Youll ensure that when our partners use AI, they aren't inadvertently exposing our data, introducing algorithmic bias, or creating "black box" risks that we can't monitor

Our Offer to You

• High performance culture promoting recognition, rewards and professional development.
• An inclusive culture strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.
• Competitive base salary coupled with attractive role-specific incentive plan.
• Comprehensive benefits program.
• An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie.