Head of Cyber & Technology Risk

Enterprise Risk Management is hiring a Head of Cyber & Technology Risk to assist in strengthening the technology risk and control environment that protects the firm’s systems, data, and operations. In this role, you’ll partner closely with Technology Leadership and key second‑line stakeholders to identify, assess, and monitor risk; enact pragmatic control improvements; and provide clear, actionable guidance that enables secure delivery. You’ll bring strong judgment, executive‑ready communication, and the ability to translate complex technical risks into focused priorities and outcomes.

Strategic Leadership & Executive Advisory

• Serve as a senior advisor to Technology leaders on cyber and technology risk across known issues, evolving threats, and emerging technologies.
• Influence enterprise strategy and provide credible challenge to senior stakeholders to ensure risk remains within the firm’s risk appetite.
• Anticipate regulatory and industry expectations; translate them into forward‑looking guidance that shapes program roadmaps.
• Represent Cyber & Technology Risk on firm‑wide committees, working groups, and—when needed—client and external partner discussions.
• Own and continuously enhance the cyber and technology risk program, including policies, standards, and independent control assessments.
• Escalate material risks, high‑severity issues, and emerging trends to Technology leadership and relevant governance forums.
• Oversee corrective action plans and validate closure; analyze themes and root causes across audit and regulatory findings and operational risk events.
• Lead risk reviews for new products, services, and material changes; partner with Legal, Compliance, and Risk teams to align decisions to risk tolerance.
• Coordinate external assurance activities (e.g., SOC 2), including evidence management, walkthroughs, and timely responses to requests.
• Partner with Internal Audit, Compliance, and Legal to continuously strengthen the firm’s risk and control infrastructure.

Policies, Standards & Enablement

• Maintain and enhance technology risk policies and standards, translating regulatory expectations into practical, implementable requirements.
• Contribute to AI governance and oversight by supporting control design, risk assessments, and adoption of firmwide guardrails.
• Design and deliver risk and control training that improves awareness, ownership, and day‑to‑day execution across Technology.
• Partner with Information Security to refresh security awareness content and embed coverage of emerging risks (e.g., phishing, third‑party, cloud, and AI).

Leadership, Talent & Engagement

• Build trust‑based relationships across Technology to ensure early engagement on strategy, roadmaps, major initiatives, and ongoing activities.
• Set priorities and an operating rhythm for the Cyber & Technology Risk team to deliver high‑quality outcomes efficiently and consistently.
• Develop talent with strong business acumen and the ability to engage credibly with senior stakeholders.
• Hire, coach, and manage performance to build and retain a high‑performing team.
• Foster a culture of intellectual curiosity, constructive challenge, and continuous improvement.

What You Bring

• 15+ years of experience in technology risk management, technology audit, controls, or a related discipline within financial services or another highly regulated environment.
• Bachelor’s degree required; advanced degree preferred. Certifications such as CPA and/or CIA are a plus.
• A proven, senior‑level risk leader with the credibility to advise—and appropriately challenge—Technology executives.
• Demonstrated ability to influence at the enterprise level and shape strategy through clear, data‑informed risk perspectives.
• A track record of building and leading high‑performing teams and developing future leaders.
• Deep knowledge of risk management concepts, frameworks, and assessment methodologies.
• Strong technical fluency across IAM, network and endpoint controls, data platforms, legacy environments, cloud, and AI‑enabled capabilities.
• Demonstrated information security experience and a working understanding of the cyber threat landscape.
• Strong understanding of IT regulatory expectations and compliance requirements.
• Ability to balance business priorities with risk considerations and communicate trade‑offs clearly to senior management.
• Excellent relationship management and executive communication skills; able to simplify complex topics without losing rigor.
• Experience coordinating cross‑location initiatives and aligning stakeholders across functions and geographies.

Salary Range

NJ & MA: $170,000 - $230,000 base salary + annual target bonus.

BBH and its affiliates’ compensation program includes base salary, discretionary bonuses, and profit‑sharing. The anticipated base salary range(s) shown above are only for the indicated location(s) and may differ in other locations due to cost of living and labor considerations. Base salaries may vary based on factors such as skill, experience, and qualification for the role. BBH’s total rewards package recognizes your contributions with more than just a paycheck—providing you with benefits that enhance your experience at BBH from long‑term savings, healthcare, and income protection to professional development opportunities and time off, our programs support your overall well‑being.

We value diverse experiences, transferrable skillsets, and non‑traditional career paths. Candidates who do not meet every qualification listed should still apply.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.