Head of IT and Cyber Risk

Reporting to the Head of Operational Risk, the Head of IT & Cyber Risk provides strategic leadership for designing, implementing, and continuously enhancing second line technology and cyber risk frameworks. You will ensure the organization proactively identifies, assesses, and manages technology and cybersecurity risks, working with stakeholders to embed resiliency and robust risk practices into business operations. You will lead a specialized risk team focused on risk assessment, technology resiliency initiatives, and ongoing improvement of risk methodologies.

You Will

• Lead and oversee comprehensive IT and cyber risk assessments aligned to industry frameworks including ( e.g. National Institute of Standards and Technology (NIST) and International Organization for Standardization, (ISO)) to identify, evaluate, and prioritize risk exposures across the enterprise, including ownership of the annual NYDFS Cybersecurity Risk Assessment process, including proper documentation and reporting.
• Drive execution and oversight of technology resiliency initiatives, including development and regular testing of business continuity and disaster recovery plans.
• Collaborate with 1st and 3rd lines of defense to oversee the completion of control testing, logging findings, and integrate results into risk assessments and dashboards. Partner with auditors to support SOC attestation and remediation.
• Champion integration of risk management processes and reporting within ServiceNow (SN), ensuring seamless connectivity, process automation, and unified oversight across platforms.
• Develop, maintain, and present dashboards and key metrics to senior stakeholders providing visibility into risk landscape, control effectiveness, and program performance, enabling data-driven decision making.
• Own and maintain the IT Risk Register, facilitate root cause analysis and lessons learned, and oversee remediation activities to continuously strengthen the control environment.
• Partner with the third-party risk and business risk & resiliency teams to comprehensive IT and cyber risk assessments are performed and remediation efforts are implemented.

You Are

• Driven to accelerate impact and lead change
• Exceptional communicator across multiple levels of an organization, able to drive outcomes through others
• Flexible and resourceful in managing multiple priorities

You Have

• 10+ years of experience in cybersecurity, IT, or information security, with at least 5 years in risk management or leadership role.
• Deep knowledge of risk management frameworks (NIST, ISO, COBIT), incident response, control design, and regulatory compliance is required
• Certifications preferred (ISM, CISSP, or similar)

Reporting relationships

This position reports to the Head of Operational Risk, who reports to our Chief Risk Officer within Enterprise Risk Management.

Salary Range:

The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.

Our Promise

At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.

Inspire Well-Being

As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at . Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits.

Equal Employment Opportunity

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

Accommodations

Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact [email protected]. Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site.

Visa Sponsorship

Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship.

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday.