Lead – Cyber Risk & Control Monitoring

Lead – Cyber Risk & Control Monitoring

Position Summary

Do you want to be part of a collaborative Cybersecurity Governance team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise?

As the Lead, Cybersecurity Continuous Control Monitoring (CCM), you will help oversee the operating model and day-to-day execution of the organization’s Information Security continuous control monitoring program. You will partner across Information Security, Technology, Risk Management, and Internal Audit to define control design and objectives, instrument and automate control monitoring where feasible, evaluate control performance through data-driven testing, and drive timely remediation of control gaps.

This role serves as a central point of coordination across Information Security, Risk Management, Internal Audit, Legal, Privacy, and Technology teams—establishing governance routines, reporting, and accountability to continuously improve the security control environment, reduce risk exposure, and maintain alignment with regulatory expectations and internal standards.

You are

• Passionate about cybersecurity and IT risk management
• Curious about relevant technology risks (emerging technology, current events, etc.) and their impact on business functions
• Driven to accelerate impact and lead change
• Detail oriented
• Flexible and resourceful in managing multiple priorities
• An excellent communicator with the ability to explain security concepts in simple, business relevant terms
• Able to effectively collaborate within your own team and across the organization

You have

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
• 7+ years of experience in information security, IT risk, technology audit, compliance, GRC, or control testing/assurance functions
• Demonstrated experience leading audit, risk, or assurance activities—including evidence strategy, walkthroughs, testing, and issue remediation
• Strong stakeholder management and executive communication skills; ability to translate technical control results into business risk
• Experience defining control objectives, designing testing approaches (manual and automated), and identifying corrective actions that address root cause
• Working knowledge of security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS 500, etc.) and experience mapping controls across frameworks
• Experience producing executive-ready artifacts (dashboards, risk narratives, committee materials, audit packages) and facilitating governance forums
• Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls
• Understanding of AI/ML security and governance considerations (e.g., data protection, model risk, third-party AI, secure use/monitoring) is a plus
• Hands-on experience with GRC and control/issue management workflows (e.g., ServiceNow) and building repeatable evidence processes

• Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns
• Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP)

You will

Continuous Monitoring & Control Oversight

• Help lead the design, execution, and continuous improvement of the information security continuous control monitoring (CCM) program
• Maintain a prioritized control inventory and define control objectives, owners, evidence sources, testing frequency, and monitoring methods
• Define and monitor KPIs/KRIs and produce recurring dashboards for leadership (control health, exceptions, overdue actions, and risk trends)
• Oversee control testing and monitoring cycles (manual and automated), including data quality checks, sampling standards, and alignment to internal frameworks
• Partner with control owners to instrument monitoring, reduce manual evidence collection, and improve control reliability through automation
• Establish an intake and triage process for control exceptions, audit findings, and emerging risks to ensure consistent severity, ownership, and due dates

Audit & Assessment Coordination

• Lead coordination of internal audits, external audits, and third-party assessments, including scoping, evidence planning, walkthroughs, and stakeholder alignment
• Oversee responses to audit requests and findings, ensuring accuracy, consistency, and traceability to control design and operation
• Drive ongoing readiness for recurring assessments (e.g., SOC 2, internal audits, etc.) through continuous evidence and control health reporting

Remediation Governance

• Establish and enforce an issue management lifecycle for findings/control gaps (intake, risk rating, action plans, due dates, status reporting, closure criteria)
• Challenge and validate remediation plans to ensure root-cause correction, appropriate compensating controls, and measurable risk reduction
• Escalate overdue, high-severity, or systemic issues through established governance forums and senior leadership reporting
• Validate remediation effectiveness through follow-up testing and define clear closure criteria to prevent re-occurrence

Reporting & Cross-Functional Collaboration

• Develop executive-level reporting on control effectiveness, audit status, and remediation progress
• Partner with: Security Engineering & Operations
• Enterprise Risk Management
• Internal Audit
• Privacy & Legal
• Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through

Reporting relationships

• As our Lead, Cybersecurity Continuous Control Monitoring, you will report to our Head of Cybersecurity Governance who reports to our Deputy Chief Information Security Officer.

Location

• Three days a week at our Guardian office in New York, NY or Bethlehem, PA

Salary Range:

The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.

Our Promise

At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals.  Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.

Inspire Well-Being

As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at www.guardianlife.com/careers/corporate/benefits. Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits.

Equal Employment Opportunity

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

Accommodations

Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact [email protected]. Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site.

Visa Sponsorship

Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship.

Notice Regarding Guardian’s Use of Artificial Intelligence in Recruitment

As part of Guardian’s job application process, Guardian may use artificial intelligence tools (“AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian’s jobs website (Careers at Guardian at https://www.guardianlife.com/careers). At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues.

Please be aware that if you apply for a specific position with Guardian, you will have the choice of opting out of Guardian’s use of AI Tools during the job application process. If you would like to request an alternative process that does not utilize AI Tools or would like to request a reasonable accommodation, within ten business days of your position application, you must email your request to [email protected], making sure to provide your name and job requisition identification number. Guardian will retain your applicant materials and resume and all information therefrom in accordance with Guardian’s document retention policy, a copy of which you may request via [email protected].

Additionally, at applicable times, Guardian will make public the most recent bias audit results for such AI tools, which may be found here. 

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday.