
AVP/Manager, Cybersecurity Governance, Risk and Compliance
Ares Wealth Management Solutions
- Mumbai, Maharashtra
- Permanent
- Full-time
- Support the execution of the Technology and Cyber Risk Management Program, including risk assessments, issue tracking, and remediation follow-up.
- Assist in the review and analysis of IT vendor assurance artifacts (e.g., SOC reports, penetration test results) and maintain an up-to-date vendor inventory.
- Coordinate with third-party vendors and internal stakeholder groups (e.g., Legal, Procurement, Compliance, IT) to review and assess the cybersecurity risk posture of third parties.
- Facilitate cross-functional collaboration to ensure timely completion of vendor assessments and risk mitigation activities.
- Contribute to the maturity of the IT Third-Party Risk Management program by identifying process improvement opportunities and supporting the development of internal playbooks and procedures.
- Maintain and update GRC documentation, including risk registers, dashboards, and executive summaries.
- Document work products in GRC systems (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
- Support IT Risk & Audit activities, including the Quarterly Access Review (QAR), by working cross-functionally with IT Risk, Audit Support, and Internal Audit teams to ensure successful execution of the control across IT and business units.
- Participate in governance meetings and provide regular updates on assigned workstreams and deliverables.
- Communicate effectively with diverse audiences, including the ability to explain complex risk topics clearly and contribute to improving team communication practices.
- Take initiative in identifying risks, proposing practical solutions, and following through on tasks with appropriate guidance.
- Remain adaptable in a dynamic environment, working collaboratively across teams to simplify challenges and support program goals.
- Build strong working relationships with internal and external stakeholders, supporting alignment and trust across business units.
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 8–12 years of experience in Cybersecurity, IT Risk Management, GRC, or related fields, preferably in the financial services or technology sector.
- Strong knowledge and practical experience in IT Third-Party Risk Management, including vendor risk assessment methodologies, assurance artifact evaluation, and cross-functional coordination.
- Familiarity with cybersecurity frameworks and standards such as NIST CSF, ISO 27001, AICPA Trust Services Criteria, and GDPR.
- Experience with risk management methodologies (e.g., ISO 31000, COSO ERM).
- Proficiency in GRC platforms (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
- Proficiency in Microsoft Office tools (Word, Excel, PowerPoint, Outlook) for reporting, analysis, and communication.
- Strong analytical, technical writing, and documentation skills.
- Ability to work independently and collaboratively in a hybrid work environment.
- Excellent interpersonal skills, with a demonstrated ability to influence, mentor, and collaborate across teams and geographies.