Cyber Security Risk Governance, Executive Director

Are you ready to make an impact at DTCC?   

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.   

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

Pay and Benefits:
 

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

DTCC is seeking an Executive Director, Cyber Security Risk Governance, to support the Cyber Security Risk Office (CSRO). 

This role will report to DTCCs Chief Cyber Risk Officer and will be responsible to formalize and lead the development of CSRO strategic and governance processes. This includes translating CSRO's strategy across DTCC, driving organizational change and synergies across CSRO, and establishing greater transparency and accountability for the CSRO leadership team. 

This role will focus on high-level impact initiatives, long term strategy, and CSRO governance responsibilities. 

This includes creation of a multi-year strategy, development and maintenance of 2nd Line of Defense (2LoD) credible challenge methodology, risk assessments, metrics and reporting, cyber security training, oversight of risk acceptances/policy deviations, risk assessments, policy and control mapping, and management control testing.

This role requires a strong partnership with the CSRO leadership team to ensure the CSRO organization is delivering on its goals, especially those for its internal clients. The Executive Director, Cyber Security Risk Governance will provide leadership for the following CSRO functions:

• CSRO 2LoD Governance & Strategy
• Cyber Security Risk Monitoring & Reporting
• Cyber Security Risk Assessments
• Cyber Security Awareness & Training
• Independent Management Control Testing
• Cyber Security Risk Treatment

Your Primary Responsibilities:

• Partner with DTCC's Chief Cyber Risk Officer to drive CRSO strategy, governance, and operations, aligning with long-term goals and leading transformative organizational change. Oversight includes the following global teams:
• CSRO 2LoD Governance & Strategy: Lead governance functions including policy management, strategic planning, credible challenge design, PMO execution, executive communications, regulatory coordination, and performance tracking.
• Cyber Security Risk Monitoring & Reporting: Develop and manage risk and performance metrics for executive and board reporting. Ensure data integrity, regulatory alignment, and timely escalation through dashboards and governance cycles.
• Cyber Security Risk Assessments: Oversee risk assessments across applications, infrastructure, and processes, including CRI and NYDFS 500 compliance. Ensure timely issue tracking and escalation.
• Cyber Security Awareness & Training: Design and deliver training programs to strengthen cyber hygiene. Support quarterly reporting, live sessions, and AI governance awareness initiatives.
• Independent Management Control Testing: Execute control testing aligned with regulatory standards (DORA, NYDFS, CFTC). Identify gaps, support remediation, and maintain control inventories within the PRC framework.
• Cyber Security Risk Treatment: Manage the lifecycle of risk acceptances and policy deviations. Ensure compliance with enterprise standards, coordinate approvals, and track remediation to closure.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

• Minimum of 10 years of related experience
• Bachelor's degree preferred with Masters or equivalent experience

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.