Head of Cyber Regulatory Controls; Americas

Role Requirements

• Head of Cyber Regulatory Control (Americas) is a key leadership role, reporting to the Head of Global Cyber Regulatory Control within the Cyber Posture and Assurance team, part of Global CISO.
• The role holder will represent activities specifically within the Americas/US time zone. They are responsible for ensuring that our internal enterprise cyber security control framework is aligned with the Americas regulatory expectations, internal risk appetite, and industry standards and in support of the wider global position.
• This role contributes to driving cyber control effectiveness across the technology estate, partnering with engineering, operational risk, and compliance teams to embed security-by-design practices and close control gaps.
• The director leads preparations for regulatory exams, supervisory engagements, and regulator led assessment, serving as a central point of coordination with internal and external auditors as well as with key regulatory bodies in the Americas time zone.
• With deep expertise in control frameworks (e.g., NIST, ISO, CIS), cyber threat landscapes, and regulatory expectations of Americas Regulators such as FDIC, FRBNY, DFS and SEC / FINRA, the successful candidate will ensure the organization remains resilient, defensible, and regulator-ready at all times.

• Superior written and verbal communication skills, with the ability to present complex technical information to diverse audiences and especially to synthesise complex topics to senior management and external bodies.
• Strong organisation skills, capable of overseeing multiple concurrent activities in a dynamic environment.
• Effective leadership and influence skills
• Preferably strong experience in any of information security and/or technology with a leadership capacity focused on operational delivery, controls enforcement, or risk management.
• First‑hand experience of leading regulatory engagements / examinations
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related discipline; preferred.
• Professional certifications such as CISSP, CISM, OSCP, CREST, or equivalent are highly valued.

To provide a primary liaison service between the business, technology, and security functions. In order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk.

• Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management.
• Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the banks operations and data and guide the implementation of mitigation strategies and communicate findings to relevant senior stakeholders.
• Collaboration with business units to develop and implement security policies and procedures for the banks operations aligned to the risk management framework.
• Management of the implementation, testing and monitoring of security controls across the banks IT systems to ensure the effectiveness of controls and mitigation of risk.
  
  Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices.
• Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision.
• Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions.

• To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide.
• They manage the direction of a large team or sub‑function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep…