Director of Cyber Security Governance and Risk Management

The Opportunity

We are seeking a Director of Cyber Security Governance who will lead the development, implementation, and oversight of a comprehensive cyber governance program at Mass Mutual. This individual will ensure the organization's cyber policies, standards, and processes align with regulatory requirements, industry best practices, and enterprise governance objectives. As a key leader within the Cyber Security team, the Director will drive cross-functional collaboration within the cyber organization and build a culture of compliance.

The Team

The Director of Cyber Security Governance will drive the Cyber organization in achieving its’ objectives through the proactive evaluation and compliance of program activities and controls that prevent or mitigate the impact of compliance risk.

The Impact - Responsibilities (in partnership with Enterprise Technology & Experience [ETX] Governance & Risk):

Governance & Policy Management:

• Develop, implement, and maintain cybersecurity policies, standards, and guidelines.
• Ensure alignment with the enterprise technology governance framework and methodology, along with such frameworks as NIST Cybersecurity Framework (CSF), and ISO 27001.
• In partnership with the ETX Governance & Risk, establish governance processes to monitor compliance with internal cyber policies and regulatory requirements.

Risk Management:

• Oversee cyber risk assessment processes, identifying key risks and recommending mitigations.
• Partner with enterprise governance and risk management to integrate cyber risks into the broader risk management framework.
• Provide strategic recommendations to leadership on risk acceptance, mitigation, and transfer.

Regulatory Compliance & Audit:

• Lead efforts to prepare for and respond to internal and external cybersecurity audits.
• Ensure compliance with industry regulations such as NYDFS, PCI DSS, and data protection laws.
• Collaborate with legal, compliance, and audit teams to address findings and implement corrective actions.

Metrics & Reporting:

• Develop and track Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) related to cybersecurity governance.
• Prepare and present regular reports to executive leadership on our cyber governance posture.

Leadership & Collaboration:

• Lead and mentor a team of cyber governance professionals.
• Collaborate with various stakeholders such as IT, Legal, Compliance, and other area to promote a secure culture.
• Partner with external agencies, consultants, and vendors to stay abreast of emerging risks and best practices.

The Minimum Qualifications:

• Bachelor’s degree, preferably in information security, Computer Science, Risk Management, or a related field.
• 8+ years of experience in cybersecurity, with 4+ years in a leadership capacity.

The Ideal Qualifications

• Deep understanding of cybersecurity frameworks (e.g., NIST, ISO, CIS).
• Strong knowledge of regulatory requirements.
• Excellent leadership, communication, and interpersonal skills.
• Ability to articulate complex cybersecurity concepts to non-technical stakeholders.
• Proven experience in the insurance or financial services industry is highly desirable.
• Relevant certifications such as CISSP, CISM, CRISC, CGRC or CGEIT are highly preferred.

#LI-SC1

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.