Fortitude Group Holdings LLC

AVP, Cybersecurity Compliance

Nashville Full Time

Fortitude Reinsurance Company Ltd. (Fortitude Re) is one of the world's leading providers of legacy reinsurance solutions. It works with the world's leading insurance companies to help them execute comprehensive, transformational solutions for legacy Life & Annuity and P&C lines. Fortitude Re manages a general account of approximately $111 billion across life, annuity, and property & casualty insurance products. The company takes a long-term view on growth and is proud to be backed by a consortium of sophisticated institutional investors led by The Carlyle Group and T&D Insurance Group. Incorporated under the laws of Bermuda on January 1, 2017, Fortitude Re's roots in the insurance industry and the experience of its leadership go back many decades. Fortitude Re's leadership team has an average industry tenure of over 20 years and an impressive track record of successfully managing the most complex legacy liabilities. Its deep insurance experience and proprietary risk modeling capabilities allow it to structure bespoke transactions that benefit both insurance companies and their policyholders. Fortitude Re continues to strengthen its ability to pursue further growth and provide innovative solutions for the global insurance industry.

The AVP, Cybersecurity Compliance will play a key role in ensuring the company complies with all regulatory, legal, and industry-leading cybersecurity and privacy standards. This role is responsible for developing and maintaining a robust cybersecurity and privacy compliance program, ensuring alignment with relevant regulations (BMA Cyber, NYDFS, PIPA etc.) and industry frameworks (NIST CSF 2.0, NIST 800-53, NIST Privacy). The AVP will lead cybersecurity risk assessments, privacy impact assessments, and compliance monitoring efforts.

This role will be based in our Nashville, TN office on a hybrid basis.

What You Will Do:

  • Cyber and Privacy Regulatory Compliance:
    • Ensure compliance with relevant cybersecurity and privacy regulations, including but not limited to Bermuda Monetary Authority (BMA) Cyber, New York Department of Financial Services (NYDFS) Cybersecurity Regulation, and Personal Information Protection Act (PIPA).
    • Stay updated on regulatory changes, assess their impact on the organization, and adapt compliance programs accordingly.
    • Serve as the point of contact for regulatory inquiries and work with the compliance team to ensure timely submissions of required filings and reports.
  • Framework and Standards Alignment:
    • Lead the implementation and reinforcement of cybersecurity and privacy programs in alignment with industry-leading frameworks such as the NIST Cybersecurity Framework (CSF) 2.0, NIST SP 800-53, and the NIST Privacy Framework.
    • Ensure internal controls, policies, and procedures are aligned with these frameworks and undergo regular review and updates.
  • Risk Assessment and Management:
    • Lead comprehensive cybersecurity and privacy risk assessments, identifying vulnerabilities, assessing their potential business impact, and ensuring appropriate mitigations are in place.
    • Perform privacy impact assessments and data protection assessments to ensure compliance with privacy regulations.
    • Work closely with IT, Legal & Compliance, Risk Management, and other stakeholders to ensure that risks are understood and mitigated in accordance with regulatory and business requirements.
    • Develop and maintain a risk and control matrix to document identified risks and corresponding controls.
  • Audit and Monitoring:
    • Oversee and coordinate both internal and external cybersecurity audits, ensuring that all compliance issues are addressed effectively and promptly.
    • Develop continuous monitoring mechanisms to ensure ongoing compliance with regulatory requirements and frameworks and provide regular reports to senior leadership on compliance status.
    • Assist auditors with necessary documentation during periodic assessments, including SOC 2 reviews.
  • Training and Awareness:
    • Maintain and facilitate company-wide cybersecurity and privacy compliance training programs to ensure all employees understand their roles and responsibilities regarding regulatory compliance and data protection.
  • Incident Management:
    • Assist in the periodic assessment and testing of incident response plans, ensuring compliance with regulatory breach reporting requirements.
    • Participate in post-incident investigations to assess compliance gaps and recommend corrective actions.

What You Will Have:

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field.
  • 7+ years of experience in cybersecurity compliance, governance, risk management, or audit roles, with a focus on cyber and privacy regulations.
  • Strong understanding of regulatory frameworks such as GDPR, BMA Cyber, NYDFS Cybersecurity, and PIPA.
  • Expertise in conducting cybersecurity and privacy risk assessments and developing mitigation strategies.
  • In-depth knowledge of NIST frameworks, including CSF 2.0, 800-53, and the NIST Privacy Framework.
  • Relevant certifications (e.g., CISSP, CISM, CIPP, CRISC) preferred.
  • Strong communication, collaboration, and leadership skills.


The base salary range for this role is listed below and will be commensurate with candidate experience. Pay ranges for candidates may differ based on the cost of labor in that location. In addition to base salary, all employees are eligible for an annual bonus based on company and individual performance, as well as a generous benefits package.

Base Salary Range
$145,000 to $165,000 USD

At Fortitude Re, our strength has always come from our people. Our success is deeply rooted in our ability to embrace the unique attributes, perspectives and experiences of every individual within our company. Fostering a culture of inclusion and belonging where everyone, regardless of background, race, religion, sexual orientation or gender identity, feels valued and respected is a foundation of our culture.

We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.

To all recruitment agencies: Unless you have been requested to work on this position, or other positions with Fortitude Re, please do not forward any resumes to Fortitude Re employees. Fortitude Re is not responsible for any fees related to unsolicited resumes.

Check us out on YouTube: About Fortitude Re (youtube.com)

By submitting your application, you agree that Fortitude Re may collect your personal data for recruiting purposes.