Cybersecurity Risk Manager Job at Huntington National Bank in Addison

Overview

The Cybersecurity Risk Manager is responsible for oversight and administration of operational and regulatory risk strategy programs for a business segment. Huntington is moving applications and infrastructure to leverage cloud provider services and a hybrid/on‑premises network. This role partners with the Cyber Operations and Engineering teams to design and build technologies using best practices from FFIEC guidance, COBIT, NIST, and other industry standards. The Risk Manager identifies potential deficiencies, assists the business segment with audit findings and responses, reviews remediation plans, and acts as a trusted advisor to identify risk to the company. The candidate will help ensure cyber offerings follow defined governance processes, standards, and control requirements as Huntington transforms its cloud and on‑premises environments.

Responsibilities

• Provide oversight and challenge to technical configurations, solutions and implementation of cyber security tools, systems, and platforms.
• Evaluate effectiveness of controls and escalate as appropriate.
• Direct self-monitoring and testing activities to ensure that they are performed in accordance with Corporate Risk Management requirements.
• Evaluate the adequacy and effectiveness of enterprise and regulatory controls and the resulting risk and control self‑assessments.
• Deliver timely escalation of all issues requiring attention to senior management.
• Work with business segment management to ensure that the overall risk function is effectively supporting strategic goals.
• Collaborate with audit/business segment/corporate risk to address issues with plausible action plans and target dates.
• Act as the central point for receipt and distribution of important risk information for the business segment and reciprocate the flow of information back to corporate risk management.
• Ensure business segment adheres to corporate and business unit policies and procedures.
• Must be aware of and keep abreast of Third‑Party risk associated with the assigned business segment.

Basic Qualifications

• Bachelor’s degree in computer science, cyber security, information technology, computer engineering or equivalent.
• Five years of any of the combined experience below in Cyber Security, Audit and Risk Management
• 2 years of experience Anti‑Virus/Malware.
• 2 years’ experience in network security, firewalls, WAF, Tufin or similar.
• 2 years’ application and network segmentation.
• 2 years’ breach and attack simulation with tools like MITRE ATT&CK, AttackIQ or similar.
• 2 years in threat management, vulnerability management.
• 2 years using SAST, DAST, IAST, MAST or SCA tools.
• 2 years as a security engineer or architect.

Preferred Qualifications

• Excellent communication skills required to negotiate internally, often at a senior level; some external communication may be necessary.
• Understanding of FFIEC guidance, COBIT and NIST framework.
• Willingness to learn, on‑the‑job learning and a desire to continually develop new technical skills; strong written and oral communication skills.
• Organized, responsive, and thorough problem solver with demonstrable cyber risk knowledge from real‑world environments.
• Understanding of security requirements, best practices, and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS.
• Mid‑level professional with 5–10 years of experience in consulting, financial services, technology/fintech or government IT risk roles.
• Master’s degree or relevant professional qualifications with Risk / Security management.
• CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other security/privacy certifications preferred but not required.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Finance and Sales

Industries

• Banking, Financial Services, and Investment Banking

Huntington is an Equal Opportunity Employer.

#J-18808-Ljbffr