If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st Shift (United States of America)
Please review the following job description:
The Senior Cyber Governance Officer leads a team to design and execute an integrated governance framework spanning all security and technology domains and ensures that frameworks align with the Enterprise Risk Management Framework.
KEY RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Ensure governance frameworks and policy structures are synchronized with emerging technology (AI) and help embed governance and assurance into the design and rollout of new products, services, business models, and operational capabilities.
- Oversee the lifecycle of enterprise security and technology policies, standards, and procedures, ensuring consistency and alignment across diverse security functions and geographies.
- Provide support for New York State Department of Financial Services (NYDFS) and Committee on Foreign Investment in the United States (CFIUS) regulatory exercises, including evidence gathering, development of compliance briefings, and submission of annual attestation.
- Develop and manage assurance programs that evaluate effectiveness of controls, operational readiness, and continuous improvement across all security and technology functions.
- Chair or support cross-functional governance forums to drive policy decisions, risk escalations, and investment prioritization.
- Help develop and deliver executive-level reporting across all security and technology domains.
- Collaborate with domain risk owners (AI, cyber, physical, product, and supply chain) to assess, document, and mitigate enterprise-level risks.
- Provide independent oversight and validation of security and technology controls, resilience planning, and compliance frameworks.
- Coordinate with internal audit, legal, and corporate risk teams to ensure integration of security risks into the broader enterprise risk posture.
- Foster a culture of ownership, transparency, and continuous improvement in governance and risk management practices.
EDUCATION AND EXPERIENCE
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor's degree preferred.
- 15+ years of leadership experience is required in enterprise security and technology governance, assurance, or risk management, ideally spanning multiple security disciplines and managing teams.
FUNCTIONAL SKILLS
- Proven track record of establishing integrated governance and assurance programs across cybersecurity and technology.
- Strong knowledge of global regulatory frameworks (e.g., SOX, NIST, Cybersecurity Profile) and risk assessment methodologies.
- Knowledge and experience in regulatory IT, information security, and cybersecurity, with expertise in regulatory requirements and standards (e.g., CFIUS, NYDFS, GDPR, SEC, CCPA/CPRA, HIPAA, GLBA,
- Experience with AuditBoard.
General Description of Available Benefits for Eligible Employees of CRC Group: At CRC Group, we're committed to supporting every aspect of teammates' well-being – physical, emotional, financial, social, and professional. Our best-in-class benefits program is designed to care for the whole you, offering a wide range of coverage and support. Eligible full-time teammates enjoy access to medical, dental, vision, life, disability, and AD&D insurance; tax-advantaged savings accounts; and a 401(k) plan with company match. CRC Group also offers generous paid time off programs, including company holidays, vacation and sick days, new parent leave, and more. Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan.
CRC Group supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. CRC Group is a Drug Free Workplace.