Asurion

Sr. Director, Cyber Risk and Trust

Nashville, Tennessee, United States of America
Posted Yesterday
onsite

Job Description

Position Overview

Asurion is seeking a Sr. Director, Cyber Risk and Trust, to lead the enterprise function responsible for strengthening customer trust, governing cybersecurity risk, enabling regulatory and framework alignment, and advancing a security-aware culture. Reporting to the Chief Information Security Officer, this leader will own and mature programs spanning customer audit and compliance, cyber risk management, policy and standards governance, control framework alignment, third-party cyber risk, and cyber awareness and culture.

The ideal candidate is a strategic, business-oriented cybersecurity leader who translates complex security, compliance, and regulatory requirements into clear decisions, scalable governance processes, measurable risk reduction, and stronger customer confidence. This leadership role requires executive presence, deep cybersecurity governance expertise, and the ability to influence senior stakeholders while coaching a high-performing team.

Key Responsibilities

  • Define and execute the Cyber Risk and Trust strategy, operating model, roadmap, and metrics, delivering an enterprise-wide approach to governance, risk, compliance, assurance, and trust enablement.
  • Partner with security, technology, legal, privacy, procurement, internal audit, product, sales, and business leaders to prioritize and remediate cyber risk, and to align security with business objectives.
  • Develop executive reporting that communicates risk posture, control maturity, audit readiness, policy compliance, third-party exposure, customer assurance activity, awareness effectiveness, and progress against objectives.
  • Own the customer-facing trust and assurance program, including audits, security questionnaires, evidence requests, and attestations; standardize evidence, reduce cycle time, and maintain a customer-ready trust repository.
  • Lead the enterprise cyber risk management program, including methodologies, assessments, quantification, treatment, exception management, and a maintained risk register with clear ownership and remediation tracking.
  • Establish and govern cybersecurity policies and standards; run approval forums, manage exceptions, and ensure requirements are enforceable, measurable, and mapped to business needs and control owners.
  • Drive regulatory and framework alignment across NIST, ISO, SOC 2, CIS Controls, PCI DSS as applicable, and international models (UK, Germany, Japan, Korea, Singapore, Latin America); lead mappings, gap analyses, and remediation plans.
  • Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding, and offboarding.
  • Build a modern, behavior-focused cyber awareness and culture program with role-based training, campaigns, and simulations; measure impact through behavior and incident metrics.
  • Recruit, develop, and lead a high-performing team across assurance, risk, governance, third-party risk, and awareness; establish operating rhythms, SLAs, intake, prioritization, and quality standards.
  • Represent the function in executive forums, customer meetings, and governance committees; translate technical issues into business impact and decision-ready recommendations; serve as a senior escalation point.

Education and Experience

  • Master's degree or higher in cybersecurity, information systems, computer science, risk management, business, or a related field preferred, or equivalent practical experience.
  • 15+ years of progressive experience in cybersecurity, technology risk, GRC, security assurance, audit, third-party risk, or related disciplines.
  • 12+ years leading teams, managers, or cross-functional cybersecurity programs in complex enterprise environments.
  • Demonstrated leadership in cybersecurity governance, risk management, compliance, customer assurance, policy and standards, third-party risk, and security awareness programs.
  • Deep knowledge of NIST CSF, NIST SP 800-series, ISO/IEC 27001/27002, SOC 2 Trust Services Criteria, and CIS Controls.
  • Strong working knowledge of international frameworks and expectations in the UK, Germany, Japan, Korea, Singapore, and Latin America.
  • Experience leading customer audits, security questionnaires, contractual security reviews, and external assurance activities with standardized evidence management.
  • Experience developing and operationalizing cybersecurity policies, standards, and procedures; conducting control maturity assessments and framework mappings.
  • Experience building and operating third-party cyber risk management programs with risk-based assessments and ongoing monitoring.
  • Proven ability to communicate cyber risk to executive, technical, legal, commercial, and customer audiences, balancing risk reduction with business velocity.
  • Preferred: Master’s degree in a relevant field; certifications such as CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Implementer or Lead Auditor, CGEIT, CCSP, CIPM, CIPT, CDPSE.
  • Preferred: Experience in large global enterprises; board and ERM reporting; GRC and TPRM platforms; trust centers and questionnaire automation; privacy regimes (GDPR, CCPA/CPRA, LGPD, PIPA, APPI, PDPA); and assurance programs (ISO/IEC 27001, SOC 2, PCI DSS, HITRUST, CSA STAR).

Knowledge, Skills, and Abilities

  • Executive presence with the ability to influence senior stakeholders and represent cybersecurity to customers and internal leadership.
  • Strong risk judgment and pragmatic decision-making that balances regulatory obligations, customer commitments, and operational feasibility.
  • Expertise in policy and standards governance, control design, audit readiness, and evidence management.
  • Ability to build scalable governance processes, metrics, KRIs, and clear reporting for executives and boards.
  • Deep understanding of third-party risk, contractual security terms, right-to-audit provisions, and ongoing monitoring practices.
  • Skilled in change leadership, process improvement, and cultivating a positive, accountable security culture.
  • Outstanding written and verbal communication; simplifies complex technical and regulatory topics for diverse audiences.
  • People leadership that develops talent, sets clear expectations, and builds high-performing, customer-oriented teams.

Travel Requirements

N/A

Physical Demands

  • Stationary Position: Frequently
  • Vision: 20/20 corrected vision
  • Hearing: Receive detailed information if spoken to
