
Assessments & Exercises Director - Third Party Assurance
About the role
Job Summary
As an Executive Director within the Cybersecurity and Technology Controls (CTC) Assessments & Exercises function, you will serve as the senior technical authority for third-party cybersecurity assurance. You will bring deep, hands-on expertise in cybersecurity architecture, cloud security, and enterprise control frameworks to critically evaluate the control maturity of the firm's most complex and strategically significant suppliers.
Reporting to the Global Third-Party Assurance Lead, you will help to elevate the technical rigor, depth, and credibility of third-party assurance outcomes. You will translate complex technical findings into clear, business-relevant risk insights for senior stakeholders across Cybersecurity, Technology, Risk, and the Business, and will act as a trusted escalation point for the most technically challenging assessments.
Job Responsibilities
- Provide authoritative technical leadership across third-party cybersecurity assessments, bringing deep expertise in cybersecurity architecture, cloud-native and hybrid environments, application security, and enterprise control domains.
- Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture, control maturity, and architectural resilience, particularly for the firm's most critical and complex third-party relationships.
- Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firm's risk appetite.
- Evaluate supplier security architectures across public cloud providers (AWS, Azure, Google Cloud), assessing the design and effectiveness of controls in cloud-native, hybrid, and on-premises environments.
- Act as the senior technical escalation point for complex supplier risks, control gaps, and remediation strategies, providing credible challenge and expert advisory input.
- Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities, including architecture reviews, threat modelling, and cloud security posture evaluation.
- Translate complex technical cybersecurity risks and supplier control deficiencies into clear, actionable, business-relevant insights for senior leadership and non-technical audiences through detailed reports, presentations, and other appropriate methods.
- Partner with Product Security, Cybersecurity Architecture, Technology Risk & Controls, and Cybersecurity pillar leads to ensure alignment in control intent, solution design, and third-party risk remediation.
- Lead thematic analysis to identify systemic technical weaknesses, emerging risks, and trends across the supplier landscape, and recommend strategic remediation approaches.
Required Qualifications, Capabilities, and Skills
- 10+ years of professional experience in cybersecurity, with significant depth in senior technical and/or architecture-focused positions.
- Proven ability to assess and articulate the cybersecurity control maturity of complex technology environments, including enterprise, cloud-native, and hybrid architectures.
- Deep, hands-on expertise in cybersecurity architecture, threat modelling, and designing or evaluating secure controls for enterprise-level solutions.
- Strong understanding of industry cybersecurity frameworks and key control domains (e.g., NIST CSF, ISO 27001, FFIEC, SOC 2, GDPR).
- Thorough design and operational experience across one or more major public cloud providers (AWS, Azure, Google Cloud), with relevant certifications advantageous.
- Proficiency with Cloud Security Posture Management (CSPM) tools and cloud security assessment methodologies.
Required skills
Cybersecurity
Third-party risk
Cloud security
Security architecture
Threat modeling
Control assessment
Risk communication
Application security
About JPMorgan Chase
BOURNEMOUTH
Headquarters