Cyber Governance Senior Associate

About this role

Overview

Join our global team of cyber security experts, protecting our business and developing exciting capabilities on the frontline of cyber defense.  The Cyber Governance team is responsible for delivering a coordinated, integrated approach to cybersecurity policy, risk, and compliance management within the Information Security organization. Operating as a first-line risk function, the team partners with internal and external stakeholders to manage security policies, assess risks, and ensure alignment with regulatory requirements.

We are looking for a person with 5+ years of Information Security experience, performing governance, risk and compliance management for large Financial Services firms, or 4+ years in a related consulting role. This role will support the governance and oversight of the BlackRock Information Security program, ensuring alignment with regulatory expectations and internal policies, and influencing the management of cybersecurity risks across the organization.

Responsibilities:

• Assist in the development, maintenance and communication of information security policies, standards, and procedures.
• Support internal risk assessments and continuous controls monitoring activities.
• Maintain a framework with key cybersecurity controls and evidence owned by Information Security personnel. 
• Facilitate testing of control design and effectiveness. Engage with global SMEs to update and maintain the control/evidence framework, and to develop test steps. 
• Facilitate program assessments, audits and regulatory reviews, and provide documentation and evidence as needed
• Develop presentations and materials for senior and executive management, Boards, and regulators. Maintain a global resource with all regional presentations to boards, committees and regulators. 
• Support regulatory developments, including monitoring new regulations, and preparing actions for new regulatory requirements. 
• Support the development and maintenance of cybersecurity metrics and key risk indicators (KRIs).
• Track and report on cybersecurity risk issues, including identified findings from audits, program assessments, and regulatory reviews.
• Identify potential areas of improvement, and engage in process/control improvements of the Information Security program, in any area where enhancements are needed or appropriate.
• Stay informed on emerging cyber threats, regulatory changes, and industry best practices.
• Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
• Maintain and update information security-related program documents (e.g., Information Security Program Overview, Risk Management handbook, roles and responsibilities matrices, etc.) as needed.

BlackRock is committed to building great Cyber Security careers for our people, and we are looking for an individual with a passion for cyber security defense to continue the growth of our exceptional team. 

What the ideal candidate looks like:

• Strong documentation and process-oriented background with leading and managing complex Technology projects. 
• Detail-oriented with a strong sense of accountability and follow-through.
• Ability to proactively take initiative on assigned projects and tasks, and to anticipate risks, identify gaps, and suggest enhancements before issues escalate.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. 
• Ability to effectively influence others to account for the plans and collaborative behaviors for results. 
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner. 
• Ability to identify and assess cybersecurity threats, risks and controls to cost-effectively mitigate risks. 
• Strong decision-making abilities. 
• Ability to react to high pressure dynamically changing environments. 
• Ability to manage multiple priorities and stakeholders in a fast-paced environment, and to pay attention to sources of information from inside and outside one’s network within an organization. 
• Ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches. 
• Disciplined with interpersonal skills to work well in a global environment, complementing teams in multiple remote locations. 

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above.

For reference, the typical work experience and educational background of candidates in this role are as follows: 

• BS in MIS, Computer Science, Information Security, or a related field 
• 5+ years in Information Security. Experience in a regulated industry (e.g., finance, healthcare, etc.) is highly desirable.
• 3+ years of experience in information security governance, risk and compliance management.
• 3+ years of experience with developing and maintaining information security program documentation, including creating and maintaining information security policies and standards.
• Working knowledge of information security management frameworks (e.g., NIST Cybersecurity Framework (CSF), ISO/IEC 27001, COBIT, CIS Controls, etc.) 
• Experience with cybersecurity metrics and KRI development
• Experience with developing senior management and executive-level communications
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA) preferred. 
• Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Outlook).
• Experience with GRC platforms (e.g., ServiceNow, Archer, etc.) is a plus.

For Wilmington, DE Only the salary range for this position is USD$110,000.00 - USD$138,000.00 . Additionally, employees are eligible for an annual discretionary bonus, and benefits including heath care, leave benefits, and retirement benefits. BlackRock operates a pay-for-performance compensation philosophy and your total compensation may vary based on role, location, and firm, department and individual performance.

Our benefits

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Our hybrid work model

BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.

About BlackRock

At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being.  Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.

For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock

BlackRock is proud to be an equal opportunity workplace. We are committed to equal employment opportunity to all applicants and existing employees, and we evaluate qualified applicants without regard to race, creed, color, national origin, sex (including pregnancy and gender identity/expression), sexual orientation, age, ancestry, physical or mental disability, marital status, political affiliation, religion, citizenship status, genetic information, veteran status, or any other basis protected under applicable federal, state, or local law. View the EEOC’s Know Your Rights poster and its supplement and the pay transparency statement.

BlackRock is committed to full inclusion of all qualified individuals and to providing reasonable accommodations or job modifications for individuals with disabilities. If reasonable accommodation/adjustments are needed throughout the employment process, please email Disability.Assistance@blackrock.com. All requests are treated in line with our privacy policy.

BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.