Lead - Cyber Risk & Control Monitoring

Lead – Cyber Risk & Control Monitoring Position Summary Do you want to be part of a collaborative Cybersecurity Governance team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise? As the Lead, Cybersecurity Continuous Control Monitoring (CCM), you will help oversee the operating model and day-to-day execution of the organization’s Information Security continuous control monitoring program. You will partner across Information Security, Technology, Risk Management, and Internal Audit to define control design and objectives, instrument and automate control monitoring where feasible, evaluate control performance through data-driven testing, and drive timely remediation of control gaps. This role serves as a central point of coordination across Information Security, Risk Management, Internal Audit, Legal, Privacy, and Technology teams—establishing governance routines, reporting, and accountability to continuously improve the security control environment, reduce risk exposure, and maintain alignment with regulatory expectations and internal standards. You are Passionate about cybersecurity and IT risk management Curious about relevant technology risks (emerging technology, current events, etc.) and their impact on business functions Driven to accelerate impact and lead change Detail oriented Flexible and resourceful in managing multiple priorities An excellent communicator with the ability to explain security concepts in simple, business relevant terms Able to effectively collaborate within your own team and across the organization You have Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience) 7+ years of experience in information security, IT risk, technology audit, compliance, GRC, or control testing/assurance functions Demonstrated experience leading audit, risk, or assurance activities—including evidence strategy, walkthroughs, testing, and issue remediation Strong stakeholder management and executive communication skills; ability to translate technical control results into business risk Experience defining control objectives, designing testing approaches (manual and automated), and identifying corrective actions that address root cause Working knowledge of security, risk, regulatory, and control frameworks (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS 500, etc.) and experience mapping controls across frameworks Experience producing executive-ready artifacts (dashboards, risk narratives, committee materials, audit packages) and facilitating governance forums Experience working with and assessing cloud and SaaS environments (AWS, Azure, GCP) including shared responsibility models and cloud security controls Understanding of AI/ML security and governance considerations (e.g., data protection, model risk, third-party AI, secure use/monitoring) is a plus Hands-on experience with GRC and control/issue management workflows (e.g., ServiceNow) and building repeatable evidence processes Ability to work with control telemetry and reporting and perform data analysis to identify trends, outliers, and control breakdowns Relevant certifications preferred (e.g., CISSP, CISM, CRISC, CISA, Security+, CCSP) You will Continuous Monitoring & Control Oversight Help lead the design, execution, and continuous improvement of the information security continuous control monitoring (CCM) program Maintain a prioritized control inventory and define control objectives, owners, evidence sources, testing frequency, and monitoring methods Define and monitor KPIs/KRIs and produce recurring dashboards for leadership (control health, exceptions, overdue actions, and risk trends) Oversee control testing and monitoring cycles (manual and automated), including data quality checks, sampling standards, and alignment to internal frameworks Partner with control owners to instrument monitoring, reduce manual evidence collection, and improve control reliability through automation Establish an intake and triage process for control exceptions, audit findings, and emerging risks to ensure consistent severity, ownership, and due dates Audit & Assessment Coordination Lead coordination of internal audits, external audits, and third-party assessments, including scoping, evidence planning, walkthroughs, and stakeholder alignment Oversee responses to audit requests and findings, ensuring accuracy, consistency, and traceability to control design and operation Drive ongoing readiness for recurring assessments (e.g., SOC 2, internal audits, etc.) through continuous evidence and control health reporting Remediation Governance Establish and enforce an issue management lifecycle for findings/control gaps (intake, risk rating, action plans, due dates, status reporting, closure criteria) Challenge and validate remediation plans to ensure root-cause correction, appropriate compensating controls, and measurable risk reduction Escalate overdue, high-severity, or systemic issues through established governance forums and senior leadership reporting Validate remediation effectiveness through follow-up testing and define clear closure criteria to prevent re-occurrence Reporting & Cross-Functional Collaboration Develop executive-level reporting on control effectiveness, audit status, and remediation progress Partner with: Security Engineering & Operations Enterprise Risk Management Internal Audit Privacy & Legal Promote a culture of accountability, transparency, and continuous improvement through coaching, documentation standards, and consistent follow-through Reporting relationships As our Lead, Cybersecurity Continuous Control Monitoring, you will report to our Head of Cybersecurity Governance who reports to our Deputy Chief Information Security Officer. Location Three days a week at our Guardian office in New York, NY or Bethlehem, PA Salary Range: $118,980.00 - $195,465.00 The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation. Our Promise At Guardian, you’ll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards. Inspire Well-Being As part of Guardian’s Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at

Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits. Equal Employment Opportunity Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law. Accommodations Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact . Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site. Visa Sponsorship Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship. Notice Regarding Guardian’s Use of Artificial Intelligence in Recruitment As part of Guardian’s job application process, Guardian may use artificial intelligence tools (“AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian’s jobs website (Careers at Guardian at

At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues. Please be aware that if you apply for a specific position with Guardian, you will have the choice of opting out of Guardian’s use of AI Tools during the job application process. If you would like to request an alternative process that does not utilize AI Tools or would like to request a reasonable accommodation, within ten business days of your position application, you must email your request to , making sure to provide your name and job requisition identification number. Guardian will retain your applicant materials and resume and all information therefrom in accordance with Guardian’s document retention policy, a copy of which you may request via . Additionally, at applicable times, Guardian will make public the most recent bias audit results for such AI tools, which may be found here. Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday. Every day, Guardian helps our 29 million customers realize their dreams through a range of insurance and financial products and services. Our Purpose, to inspire well-being, guides our dedication to the colleagues, consumers, and communities we serve. We know that people count, and we go above and beyond to prepare them for the life they want to live, focusing on their overall well-being — mind, body, and wallet. As one of the largest mutual insurance companies, we put our customers first. Behind every bright future is a GuardianTM. Learn more about Guardian at guardianlife.com. Visa Sponsorship: Guardian Life is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant, you must be legally authorized to work in the United States, without the need for employer sponsorship.