The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations, protecting the global economy by enhancing cybersecurity and resiliency through standardization. Our Financial Services Cybersecurity Profile tool is the benchmark for cyber security and resiliency in the financial services industry. As an organization, CRI maintains the Profile and is guided by our membership of over thirty leading financial services firms around four key lines of effort – expanding the Profile’s use among industry, educating the regulatory community on the Profile to drive their acceptance, integrating additional regulations into the Profile to expand its reach, and developing the Profile into an online Platform.
CRI is a separate division of the Bank Policy Institute (BPI) and often works with BPI’s BITS team. Launched in May 2020, CRI is building a lean, highly collaborative staff. This position is traditionally located in Washington, D.C. but can also be remote (with the ability to travel to D.C. as required post-pandemic).
The AVP CRI will support the development and implementation of CRI by handling technical, program, and administrative/project management functions within CRI. This individual will interface directly with executive and/or C level personnel from CRI’s member institutions, facilitating their contributions to various CRI Committees, working groups, and workstreams. The AVP CRI would lead these individuals in developing and integrating financial services cyber standards and regulations into the Profile. As part of that responsibility, the AVP CRI will:
- Serve as the primary interface with standards development organization personnel from organizations such as NIST and ISO.
- Ensure the Profile is formatted to be integrated into various governance, risk and compliance platforms by converting the Profile into application formats such as Java Script Object Notation (JSON) and other relevant interface formats.
- Research and analysis on assigned issues and projects, such as identifying and tracking relevant consultations and comment periods of interest to CRI’s mission and membership such as Federal Register notices for NIST and financial services regulatory agencies (FFIEC, FRB, OCC, FDIC, NCUA, SEC, CFTC).
- Drafting and/or editing CRI collateral documents – such as official letters, website content, external communications and briefing material, and internal records.
- Recording formal minutes or informal notes for specific meetings.
- Monitoring and managing CRI Committee and working group schedules.
As a new addition to a small team, this role requires an individual who is a self-starter, capable, flexible, and innovative, and possesses strong communication skills and critical thinking. This person would be capable of working independently as well as part of a team. Additional qualifications include:
- A bachelor’s degree in a relevant field.
- Detailed technically oriented mind with comfort in performing research work.
- Comfortable exploring new technology and the building of “apps.”
- Able to communicate effectively whether in-person or when remote.
- Experience or interest in project management, operations and/or administration management.
- A background or interest in cybersecurity policy, financial services, financial services technology, and project management is preferred.
To be considered for this role, please submit a cover letter, résumé / CV, and short writing sample.