Assistant Director - Cyber Risk, Department of Operations
Bermuda
Bermuda Monetary Authority
The BMA regulates & inspects Bermuda's financial institutions, issues currency, manages exchange control transactions & advises Bermuda's Government on monetary matters.
Assistant Director - Cyber Risk
Department of Operations
Bermuda Monetary Authority (Authority or BMA) is seeking the services of a skilled and capable individual to work as an Assistant Director - Cyber Risk in our Department of Operations. Reporting to the Deputy Director - Cyber Risk, the Assistant Director - Cyber Risk will be responsible for supervising all aspects of cyber risk supervision for BMA-regulated entities by way of effective plans and schedules, demonstrating leadership qualities and communication skills that provide the basis of quality service and performance of duties.

This is a key role for the Authority, and the post-holder will be responsible for:
• Conducting meetings and on-site security reviews of regulated entities for compliance with the Authority's standards, comparable to such frameworks as NIST, ISO 27001, COBIT, etc., before making operational cyber risk assessments, building rating profiles and recommending security controls improvements. Managing the creation of evaluation/on-site reports. Identifying risk to regulated entities associated with the intelligence topic. Advising and supporting the Authority's supervisory departments regarding ongoing cyber supervision
• Working in consultation with Banking, Trust, Corporate Services and Investments (BTCSI), Insurance and Financial Technology supervisors to manage the creation of on-site operational cyber risk schedules and supervisory plans based upon professional judgement and operational cyber risk model ratings arising from prudential filings, previous on-sites, cyber threat intelligence and other relevant inputs
• Keeping under review the design of operational cyber risk supervisory frameworks for on-site and off-site supervision of BMA-regulated entities and ensuring that these operational cyber risk frameworks are aligned with international standards
• Working in consultation with Supervisory, Policy Development, Legal Services and Enforcement and other relevant departments in preparation for the drafting of operational cyber risk supervisory policies, procedures, guidance notes and legislative drafting instructions
• Reviewing regulated entity cyber risk submissions for both licensing applications and prudential filings and producing risk and compliance reports for relevant sector supervisors
• Performing duties as a member of the FinTech and InsurTech Innovation Working Groups, assisting them with administering the regulatory sandboxes and innovation hubs, particularly as it relates to cybersecurity analysis and advice
• Oversees performance of individual team members, provides direction, mentoring and feedback. Conducts formal performance appraisal discussions as prescribed by the performance management process.
• Managing the research of emerging cyber threats. Applying an analytical understanding of hacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits. Producing threat intelligence, providing situation awareness of cyber threats impacting regulated entities' digital assets. Communicating to regulated entities and senior leadership both quantifiable and qualitative cyber risk to the enterprise through briefings and threat intelligence reports
• Collaborating with technical analysts to provide indications and warnings and conduct predictive analyses of potentially malicious activity
• Advising the supervisory units on the use of machine learning and advanced security software
• Performing other related work and special projects as assigned by management in accordance with competencies normally associated with the post

This position requires a proven technical and business background; therefore, the post-holder must have:
• A master's degree in computer science, information technology, telecommunications or equivalent education/designation or related work experience together with formal education in the areas of CISSP, EC-Council CISO certifications, CISM, CISA, Security+, ISO, ITIL and privacy certifications
• A minimum of ten (10) years of cyber risk experience as a cybersecurity specialist or similar role in the financial services sector, preferably in the regulatory environment. Experience must include at least five (5) years of senior-level experience
• Experience in managing and mentoring direct reports
• Knowledge of Bermuda's Insurance Act 1978, Digital Asset Business Act 2018, cyber codes of conduct and associated frameworks is required
• Experience in drafting of policies and legislative drafting
• Solid understanding and experience with encryption, PKI and key protection
• The ability to conduct third-party security reviews
• Effective communication skills
• Experience with distributed ledger technology and digital assets

The Authority is the integrated regulator of the financial services sector in Bermuda. We offer the opportunity for broad exposure to international regulatory issues, special projects and a variety of work experiences.

If you are looking for a challenging opportunity in a team environment, we invite you to submit your application online via our “Careers” page at www.bma.bm. Applications for this position must be received no later than 16 July 2025.

BMA House | 43 Victoria Street | Hamilton HM 12 | Bermuda | Tel: (441) 295 5278

Bermuda Monetary Authority is an Equal Opportunity Employer.
Individual Excellence…Collective Strength