Pittsburgh, PA, 15222, USA
22 hours ago
Director, Cybersecurity Strategy, Innovation, and Governance (DCSIG)
Description

The Director of Cybersecurity Strategy, Innovation, and Governance (DCSIG) position will lead the development and execution of strategic initiatives that drive cybersecurity maturity, governance excellence, and continuous innovation and integration of information security across the organization. This leadership role is key in shaping the future of our cybersecurity program, with a strong emphasis on integrating information security within the larger business, interfacing with internal and external stakeholders, improving risk management controls, and enhancing security capabilities. The successful candidate will work collaboratively with senior leadership within information security, business units, and external partners to create and drive a forward-thinking cybersecurity strategy that adapts to the evolving threat landscape and advances our organization's overall security posture.

Key Responsibilities:

Cybersecurity Strategy Development & Maturity
+ Lead the collaborative design and execution of a comprehensive cybersecurity strategy aligned with business objectives, risk management goals, regulatory and industry guidance, and long-term growth.
+ Define the cybersecurity roadmap and maturity model, ensuring alignment with the organization's broader business and technology strategies.
+ Continuously assess and refine the strategy to stay ahead of emerging threats, technology advancements, banking trends, business direction, and evolving regulatory requirements.

Governance & Risk Management
+ Oversee the development and implementation of cybersecurity governance frameworks, policies, and standards to ensure effective risk management and compliance with applicable regulations and industry standards (e.g., FFIEC, NIST, GLBA, SOX, PCI DSS, CRI, ISO 27001).
+ Develop and maintain a risk and control matrix (RCM) covering information security capabilities and activities.
+ Partner with 1LOD Risk, integrate and facilitate information security related activities within the Risk and Control Self-Assessment (RCSA) program.
+ Conduct various self-assessments to facilitate programmatic maturity, supporting insurance, and regulatory/legal requirements.
+ Facilitate and support external and oversight engagements.
+ Foster a culture of cybersecurity accountability by ensuring that governance processes are embedded into the organization's business and technology operations.
+ Coordinate proactive identification of control gaps, and drive treatment of open issues.
+ Establish and maintain effective risk reporting mechanisms to senior management and the board of directors.

Cybersecurity Innovation
+ Identify and evaluate new technologies, methodologies, and solutions to improve the organization’s cybersecurity posture and enhance the ability to detect, prevent, and respond to threats.
+ Collaborate with technology and business teams to explore innovative ways to integrate cybersecurity practices seamlessly into existing and future products and services.
+ Foster a culture of continuous improvement by championing innovative solutions and processes that increase the efficacy of security controls, enhance overall cybersecurity resilience, and improve the user experience of internal and external cybersecurity stakeholders.

Control Efficacy & Continuous Improvement
+ Evaluate the effectiveness and efficiency of current cybersecurity controls and recommend enhancements to improve the organization's security posture.
+ Implement strategies to optimize existing security tools, processes, and teams to better align with evolving risks and business needs.
+ Measure and track key performance indicators (KPIs) and metrics to assess the success of cybersecurity initiatives and improvements.
+ Lead Process Engineering group, responsible for process-related mapping, analytics, improvement/recommendations, performance metrics, and gearing ratios.

Leadership & Collaboration
+ Lead a cross-functional team of cybersecurity professionals in driving strategy execution and innovation initiatives.
+ Serve as a trusted advisor to senior executives, business leaders, and stakeholders, providing expert guidance on strategic cybersecurity matters.
+ Work cross-functionally, including within Technology, Legal, Compliance, and Risk Management, to ensure cohesive and coordinated efforts in cybersecurity strategy execution.

Cybersecurity Reporting
+ Develop regular cybersecurity reports for executive leadership and risk committees, ensuring alignment and accuracy of content.
+ Translate complex cybersecurity threats and risks into clear, concise, and actionable insights for senior executives and Board members.
+ Collaborate with legal, compliance, and risk management teams to ensure cybersecurity reporting aligns with governance frameworks and regulatory requirements.
+ Develop, maintain, and enhance existing portfolio of cybersecurity metrics, focusing on business outcomes and supporting effective cyber risk management.
+ Leverage automated data collection and analytics capabilities to reduce manual processes for collection and presentation of metrics.

Basic Qualifications:
+ Bachelor's degree in a related field.
+ 10+ years of experience in Cybersecurity.
+ 5 years in Cyber Leadership roles focused on Strategy, Governance, and Innovation.
+ 5 years in developing and executing large-scale Cybersecurity Programs that align with business and Risk Management objectives, ideally within financial services.
+ 5 years of experience in Cybersecurity Governance, Risk Management, Compliance, and Policy Development.

Preferred Qualifications:
+ Strong ability to balance strategic thinking with tactical execution.
+ Collaborative mindset with the ability to work across functions and with external partners.
+ Results-driven, with a commitment to continuous improvement and innovation in cybersecurity practices.
+ Proven ability to thrive in a fast-paced, ever-changing threat landscape.
+ Excellent strategic thinking, problem-solving, and analytical skills.
+ Exceptional ability to drive clarity and build consensus.
+ Strong leadership abilities with experience managing cross-functional teams and influencing senior leadership.
+ Outstanding communication skills, including the ability to present complex concepts to non-technical stakeholders.
+ Strong knowledge of security technologies (SIEM, DLP, ZTNA, encryption, etc.) and frameworks (NIST, CRI, ISO, etc.).
+ Deep understanding of emerging cybersecurity technologies, regulations, innovation trends, and effective industry practices.

#Hybrid #LI-SG1

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)
Yes

Workplace Type: Office

Our Approach to Office Workplace Type
Certain positions outside our branch network may be eligible for a flexible work arrangement. We’re combining the best of both worlds: in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.

Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.
Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position