Lead, Cybersecurity/IT Control Design and Monitoring

Lead, Cybersecurity/IT Control Design and Monitoring (First Line)

Position Summary

Do you want to be part of a collaborative team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise?

As the Lead, Cybersecurity/IT Control Design and Monitoring, you will help oversee the appropriate controls are designed and monitored to ensure compliance with policies. You will partner across Cybersecurity, Technology, Risk Management, and Internal Audit to design controls, instrument and automate control monitoring, evaluate control performance through data-driven assurance, and drive timely remediation of control gaps.

In partnership with 2nd line and control owners, this role helps to manage risk exposure and maintain alignment with policies and internal standards.

• Passionate about cybersecurity, control design and IT control and risk management
• Curious about relevant technology risks (emerging technology, current events, etc.)
• Driven to accelerate impact and lead change
• Detail and analytically oriented
• Flexible and resourceful in managing multiple priorities
• An excellent communicator with the ability to explain security concepts in simple, business relevant terms
• Able to effectively collaborate within your own team and across the organization

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Technology Risk Management, or a related field (or equivalent experience)
• 5+ years of experience in cybersecurity, architecture, IT risk, technology audit,
• Strong stakeholder management and communication skills; ability to translate technical control results into business risk
• Experience defining control objectives to address risks, designing controls, identifying residual risks, designing assurance approaches (manual and automated), and identifying corrective actions that address root cause
• Working knowledge of security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, COBIT, SOC 2, NYDFS 500, etc.) and experience mapping controls across frameworks
• Experience producing management-ready artifacts and facilitating governance forums
• Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls
• Understanding of AI/ML security and governance considerations (e.g., data protection, model risk, third-party AI, secure use/monitoring) is a plus
• Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns
• Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP)

Security/Technology Control Design

• Engage in new projects (Tech Governance process) to ensure the appropriate controls are designed and implemented to meet policies, including as appropriate those related to Key Financial Systems (KFS)
• Partner with internal audit Model Audit Rule team and risk team to ensure design is appropriate
• Perform initial validation of designed controls to ensure they are designed and operating effectively prior to go-live

Cyber Control Monitoring & Self-Assessment

• Help lead the design, execution, and continuous improvement of the first line information security continuous control monitoring program
• In partnership with 2nd line, maintain a prioritized control inventory and define control objectives, owners, evidence sources, testing frequency, and monitoring methods
• Identify coverage gaps, control weaknesses, and emerging risks through ongoing monitoring, drive changes to the 1st line monitoring program based on findings, and escalate to risk for issue management, remediation oversight, and risk trending
• Oversee control testing and monitoring cycles (manual and automated), including data quality checks, sampling standards, and alignment to internal frameworks
• Partner with control owners to instrument monitoring, improve known issues and risks, reduce manual evidence collection, and improve control reliability through automation
• Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through

Audit & Assessments

•  Coordinate with 2nd line liaison to ensure timely, accurate, quality and consistent responses to audit/regulatory requests and findings across D&T. Determine if any findings are pervasive across other applications, platforms etc. and identify opportunities for further investigation
• Support audit and regulatory assessments by ensuring 1st line evidence, documentation, and control artifacts are current and readily available

Risk Remediation

•  Assist D&T control owners in designing remediation plans that address root-cause correction, appropriate compensating controls, and achieve measurable risk reduction
•  Validate effectiveness of remediation actions identified through the 1st line monitoring program, confirm resolution and adequacy to prevent recurrenc
• Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through

• As our Lead, Cybersecurity Continuous Control Monitoring, you will report to our Head of Cybersecurity Governance who reports to our Deputy Chief Information Security Officer.

Location

• Three days a week at our Guardian office in New York, NY or Bethlehem, PA

Salary Range:

The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.

Our Promise

At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals.  Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.

Inspire Well-Being

As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at www.guardianlife.com/careers/corporate/benefits. Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits.

Equal Employment Opportunity

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

Accommodations

Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact [email protected]. Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site.

Visa Sponsorship

Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship.

Notice Regarding Guardian’s Use of Artificial Intelligence in Recruitment

As part of Guardian’s job application process, Guardian may use artificial intelligence tools (“AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian’s jobs website (Careers at Guardian at https://www.guardianlife.com/careers). At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues.

Please be aware that if you apply for a specific position with Guardian, you will have the choice of opting out of Guardian’s use of AI Tools during the job application process. If you would like to request an alternative process that does not utilize AI Tools or would like to request a reasonable accommodation, within ten business days of your position application, you must email your request to [email protected], making sure to provide your name and job requisition identification number. Guardian will retain your applicant materials and resume and all information therefrom in accordance with Guardian’s document retention policy, a copy of which you may request via [email protected].

Additionally, at applicable times, Guardian will make public the most recent bias audit results for such AI tools, which may be found here. 

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday.