Cyber Security Manager(GRC)

Leads delivery of mandatory United States cybersecurity regulatory programs and submissions, including planning, execution, quality control, and readiness for submission. Coordinates and delivers the annual report required under the Gramm-Leach-Bliley Act for the Board of Directors, including managing inputs from many stakeholders and ensuring consistent quality year over year. Supports regulatory engagement and examinations by coordinating responses, gathering evidence, and ensuring materials are complete, accurate, and suitable for regulators and senior leadership. Builds and maintains repeatable, auditable ways of working by documenting processes and maintaining templates, guidance, training materials, trackers, and centralized evidence repositories. Produces clear, well-evidenced reporting and briefing materials for senior management, the Board of Directors, and regulators on cybersecurity risk, compliance status, and program outcomes. Reviews cybersecurity risk and control performance metrics, identifies data issues, drives root-cause analysis with stakeholders, and tracks remediation actions through closure. Prepares materials and action tracking for recurring regulatory governance routines, including meeting packs, follow-ups, and escalation of delivery risks and dependencies. Maintains the annual New York State cybersecurity attestation support process, including evidence coordination and leadership briefing materials to enable confident sign-off. Drives remediation governance for United States cybersecurity control gaps by obtaining remediation plans from control owners, tracking progress, and coordinating closure. Provides governance oversight for the United States cyber service sustainability forum by reviewing remediation plans, ensuring non-compliance is escalated for business decision, and flagging funding risks that could impact service sustainability. Represents United States cybersecurity in application security governance forums and acts as the point person for issue resolution and follow-through. Leads through influence across cybersecurity, technology, risk, and controls teams, including coordinating the work of others when needed to meet fixed regulatory deadlines.