Director of Information & Cybersecurity Compliance (HYRBID)

About the position At Equitable, we help clients secure their financial well-being so they can pursue long and fulfilling lives - a mission we’ve honed since 1859. Equitable is looking for a Director of Information & Cybersecurity Compliance who will be responsible for advancing and further improving our cyber compliance and risk assurance function. Reporting directly to the Chief Information Security Officer, the Director will oversee third-party risk and vendor assurance, regulatory and audit engagements, and client driven security reviews. The ideal candidate brings a strong foundation in cyber law, IT audit or information security risk management, paired with the executive presence and judgement required to represent the organization in external interactions. The position will manage a high-performing team and will be responsible for setting strategy, driving execution and continuously improving the effectiveness of the compliance program.

Responsibilities

• Design, implement, and continuously enhance the organization’s information security compliance program, ensuring alignment with regulatory requirements and industry best practices (e.g. NIST CSF, ISO, CIS, SOC, etc.).
• Serve as a trusted advisor on compliance risks, emerging regulatory requirements and strategic security initiatives.
• Lead enterprise control assurance and compliance testing programs, identifying gaps, driving remediation and ensuring continuous improvement.
• Maintain audit readiness through routine control evaluations, evidence management and collaborative remediation planning across functions.
• Oversee the 3rd party vendor security assessment function, due diligence and risk scoring, ensuring alignment with internal standards and regulatory obligations.
• Act as a subject matter expert for security assessments and guide responses to questionnaires.
• Lead interactions with examiners, audit and client review teams.
• Drive enterprise readiness for regulatory examinations and coordinating cross-functional preparation.
• Direct enterprise security risk assurance reviews and ensure risks are documented, communicated and addressed effectively through structured risk management plans.
• Build, mentor and empower a high-performing compliance and assurance team, fostering a culture of accountability, growth and partnership.
• Communicate complex regulatory and technical topics in accessible terms to executives, business leaders, clients and operational teams.
• Continue to build strong trusted relationships across IT, Audit, Legal, Privacy and Risk Management teams.
• Performs additional responsibilities as requested to meet overall business objectives.

Requirements

• Bachelor’s degree in Computer Science or a related discipline
• Established foundation in cyber law, regulatory compliance or equivalent experience working closely with legal and regulatory bodies.
• 8+ years in information security, compliance, audit, legal and/or cyber risk management roles with increasing leadership responsibility.
• Demonstrated experience managing regulatory interactions, security audits, and enterprise compliance programs.
• Proven skills leading and developing high-performing teams in complex, regulated environments.
• Established understanding of cybersecurity regulatory landscapes and assurance practices within large organizations.
• Passion for leading, coaching, and developing team members.
• Agile Methodologies: Knowledge of concept and principles of agile methodology; ability to apply appropriate agile approaches in the processes of software development and delivery.
• Coaching Others: Knowledge of coaching and mentoring concepts and methods; ability to encourage, motivate, and guide individuals in learning and improving effectiveness.
• Information Security Management: Knowledge of the processes, tools and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling and preventing violations of IT security.
• IT Governance: Knowledge of the accountability framework and processes used to encourage proper behavior in IT activities and operations; ability to implement IT systems and controls to meet business needs and requirements.

Nice-to-haves

• Juris Doctorate or Master’s in Cybersecurity
• CISSP, CISM, CISA, CRISC or equivalent credentials

Benefits

• Equitable provides compensation to reward performance with base salary increases, spot bonuses, and short-term incentive compensation opportunities.
• For eligible employees, Equitable provides a full range of benefits. This includes medical, dental, vision, a 401(k) plan, and paid time off.

Apply tot his job Apply To this Job