Director, Cyber Risk

Posted 6 Days Ago
2 Locations
In-Office
Expert/Leader
Insurance
In a world made up of devices, screens, and power buttons, when something breaks, Asurion steps in to help.
The Role
Lead and mature enterprise cyber and technology risk management: own lifecycle, frameworks (NIST/ISO), risk quantification (FAIR), risk register, appetite, control assurance, reporting to executives/board, and build a high-performing team.
Summary Generated by Built In
Position Overview

The Director, Cyber Risk leads Asurion’s cyber and technology risk management discipline and is accountable for a consistent, outcome-driven program the business can rely on for decision-making. This strategic, cross-functional leader owns the end-to-end cyber risk lifecycle—identification, assessment, quantification, treatment, acceptance, monitoring, and reporting—along with the cyber risk register, risk appetite and tolerance framework, control assurance, and issues management. The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management, Internal Audit, Legal, and Privacy. This role sets the standard for sound risk judgment, develops a high-performing team, and translates complex cyber risk into clear, defensible narratives for senior leadership and the board. This is a salaried, leadership role with enterprise impact, guiding a multi-year maturity uplift from ad hoc practices to scalable, evidence-based risk management.

Key Responsibilities
  • Own and continuously improve the cyber and technology risk management framework, methodology, taxonomy, and lifecycle aligned to NIST CSF 2.0, ISO 27001/27005, and applicable regulatory obligations.
  • Define standards, procedures, and rating scales for consistent enterprise-wide risk identification, assessment, and reporting; partner with the PISO model to ensure common language and practices across portfolios.
  • Lead enterprise cyber risk assessments across technology, business, regulatory, and emerging-risk domains to produce consistent, defensible determinations.
  • Establish and operate a cyber risk quantification capability (e.g., FAIR-based) to express risk in business and financial terms and inform prioritization and investment decisions.
  • Maintain the enterprise cyber risk register; ensure risks are well-described, owned, rated, and tracked to acceptable residual levels; develop and manage KRI/KCI programs for forward-looking posture.
  • Operationalize the risk appetite and tolerance framework with the CISO and senior leadership; own risk acceptance and exception governance with clear, auditable documentation and time-bound approvals.
  • Govern cyber risk policy structure, ownership, review cadence, and exception handling; chair or support cyber risk forums and escalate decisions to appropriate authority levels.
  • Lead second-line, risk-based assurance over design and operating effectiveness of key cyber controls in coordination with first-line and Internal Audit; identify thematic weaknesses and drive structural remediation.
  • Own issues and remediation management—intake, prioritization, owner assignment, tracking to closure, and escalation of aging items.
  • Define and report outcome-focused metrics (e.g., residual risk trends, out-of-appetite reduction, early-versus-late finding ratios, incidents tied to accepted risk) in executive- and board-ready formats.
  • Serve as primary point of contact for cyber risk in regulatory exams, audits, and carrier-partner due diligence.
  • Integrate cyber risk into Enterprise Risk Management to ensure consistency in enterprise risk reporting and governance; partner with Legal, Privacy, Procurement, and technology leaders to embed risk-informed decisions.
  • Oversee vendor/third-party risk within the cyber risk portfolio to ensure supply-chain risk is governed in line with enterprise practices.
  • Build, lead, and develop a team of senior managers and analysts; set objectives, manage performance, and scale capacity through process improvement, tooling, and appropriate AI-assisted workflows.
Education and Experience
  • Bachelor’s degree in a related field or equivalent professional experience.
  • 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams/domains.
  • Proven experience designing, leading, or substantially maturing an end-to-end enterprise cyber/IT risk management program.
  • Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three-lines-of-defense model.
  • Experience operating a risk register, risk appetite/tolerance framework, and risk acceptance/exception governance.
  • Hands-on experience with GRC/IRM platforms (e.g., ServiceNow IRM, Archer, OneTrust, or comparable).
  • Excellent executive communication skills with a track record of briefing senior leadership and boards.
  • Strong cross-functional influence partnering across security, technology, legal, privacy, and business teams.
  • Preferred: CRISC, CISSP, CISM, or CISA; FAIR-based quantification experience; background in regulated or consumer-facing environments; experience with ERM integration and executive/board risk committees; Master’s degree in a related field.
Knowledge, Skills, and Abilities
  • Strategic risk leadership with the ability to connect cyber risk to business outcomes and investment decisions.
  • Sound, defensible judgment under uncertainty; skilled in risk trade-offs and acceptance decisions.
  • Expertise in risk quantification, KRI/KCI design, and outcome-based program metrics.
  • Strong governance and policy acumen, including appetite/tolerance, exceptions, and escalation pathways.
  • Proficiency in second-line control assurance and issues management, driving thematic remediation.
  • Exceptional written and verbal communication; translates complex risk into clear, actionable narratives for executives and the board.
  • Team leadership and talent development; builds high-performance teams and next-level leaders.
  • Change agent mindset with process improvement, tooling, and automation competencies, including appropriate use of AI-assisted workflows.
  • Collaboration and influence across ERM, Internal Audit, Legal, Privacy, Procurement, and technology organizations.
Travel Requirements

N/A

Physical Demands
  • Stationary Position: Frequently
  • Vision: 20/20 corrected vision
  • Hearing: Receive detailed information if spoken to

Skills Required

  • Bachelor's degree or equivalent professional experience
  • 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams
  • Proven experience designing, leading, or substantially maturing an end-to-end enterprise cyber/IT risk management program
  • Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three-lines-of-defense model
  • Experience operating a risk register, risk appetite/tolerance framework, and risk acceptance/exception governance
  • Hands-on experience with GRC/IRM platforms (ServiceNow IRM, Archer, OneTrust, or comparable)
  • Experience defining and operating KRI/KCI programs and outcome-focused risk metrics
  • Excellent executive communication skills with experience briefing senior leadership and boards
  • Strong cross-functional influence partnering across security, technology, legal, privacy, and business stakeholders
  • Experience building, leading, and developing teams of senior managers and analysts
  • FAIR-based risk quantification experience
  • Preferred certifications: CRISC, CISSP, CISM, or CISA
  • Background in regulated or consumer-facing environments and ERM integration experience
  • Master's degree in a related field

Asurion Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Asurion and has not been reviewed or approved by Asurion.

  • Fair & Transparent Compensation: Pay is often described as solid or competitive in certain corporate and technical tracks, with some roles viewed as aligned to market ranges.
  • Strong & Reliable Incentives: Short-term incentives and bonus structures are described as a meaningful layer on top of base pay, increasing total compensation when targets are met.
  • Healthcare Strength: Medical, dental, and vision offerings are described as inclusive and broad, with additional protections like life/AD&D and disability coverage available.

The Company
HQ: Nashville, Tennessee
18,000 Employees
Year Founded: 1994

What We Do

We're a global tech care company keeping nearly every device and appliance in your home running smoothly. Trusted by more than 100 leading brands and serving over 230M customers worldwide, we deliver tech support, repair, protection, and replacements at a massive scale. From your neighborhood uBreakiFix by Asurion repair store, to in-home tech support, to global protection plans, we’re the people keeping your tech connected when it matters most.

Why Work With Us

At Asurion, you will work with people who care about you and the work we do together. You can depend on us to care about the work you do.
