Vice President, Cybersecurity Risk Lead

The ideal candidate will be responsible for leading the risk management function within the organization, ensuring that our cybersecurity practices effectively mitigate risks and comply with regulatory requirements. This role requires a strategic thinker with strong leadership skills and a deep understanding of cybersecurity risk management principles.

The Expertise You Have and The Skills You Bring

• Develop and implement a comprehensive risk management framework for the organization's cybersecurity practices.

• Lead the identification, assessment, and prioritization of cybersecurity risks, ensuring timely and effective mitigation strategies are in place.

• Collaborate with cross-functional teams to integrate risk management practices into business processes and decision-making.

• Monitor and analyze cybersecurity threats and vulnerabilities, providing actionable insights and recommendations to senior leadership.

• Ensure compliance with relevant regulations, standards, and frameworks (e.g., NIST, ISO, GDPR, CCPA) and maintain up-to-date knowledge of industry best practices.

• Oversee the development and maintenance of risk registers, risk assessments, and risk treatment plans.

• Provide regular reports and updates on risk management activities, including risk assessments, mitigation strategies, and compliance status to the CISO and other stakeholders.

• Collaborate with ET CIOs to oversee Cybersecurity governance as a 1st Line of Defense Technology Risk Manager, ensuring regulatory oversight and documenting  issues and controls on behalf of the domain.

• Foster a risk-aware culture within the organization by conducting training and awareness programs for employees.

• Lead and mentor a team of risk management professionals, ensuring continuous development and growth within the team.

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field (Master's degree preferred).

• Minimum of 10 years of experience in cybersecurity risk management, with at least 5 years in a leadership role.

• Strong knowledge of cybersecurity risk management frameworks, standards, and regulations.

• Proven experience in developing and implementing risk management strategies and frameworks.

• Excellent analytical, problem-solving, and decision-making skills.

• Strong communication and interpersonal skills, with the ability to effectively convey complex information to both technical and non-technical audiences.

• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA) are highly desirable.

Placement in the range will vary based on job responsibilities and scope, geographic location, candidate’s relevant experience, and other factors.

Base salary is only part of the total compensation package. Depending on the position and eligibility requirements, the offer package may also include bonus or other variable compensation.   

We offer a wide range of benefits to meet your evolving needs and help you live your best life at work and at home.  These benefits include comprehensive health care coverage and emotional well-being support, market-leading retirement, generous paid time off and parental leave, charitable giving employee match program, and educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career.  Note, the application window closes when the position is filled or unposted.

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.