Director, Cyber Security Testing & Assurance

Description

Director, Cyber Security Testing & Assurance

Overview
We are seeking a highly experienced security leader to build and lead our Cyber Security Testing and Assurance organization. This role will have enterprise-wide responsibility for network penetration testing, red teaming, continuous control testing, cyber exercises, simulations, and assurance programs. The Lead Director will define strategy, manage execution, and ensure that testing and assurance activities provide actionable insights that strengthen the organization’s security posture and resilience.

Reporting directly to senior leadership, this leader will partner with technology, risk, compliance, and business stakeholders to validate controls, identify gaps, and provide assurance that security investments are effective against real-world threats.

Location: Candidates must be based in or willing to commute to one of the following hub locations with a hybrid schedule of four days onsite and one day remote per week:

Johnston, RI – One Citizens Bank Way

Pittsburgh, PA – 444 Liberty Ave

Westwood, MA – 200 Station Drive

Iselin, NJ – 101 Wood Avenue South

Boston, MA – 28 State Street

Key Responsibilities

Strategic Leadership

• Define and execute the vision and strategy for Cyber Security Testing and Assurance.
• Establish program governance, KPIs, and reporting to senior executives and the Board.
• Align testing and assurance activities with enterprise risk appetite and regulatory requirements.

Network Penetration Testing & Red Team

• Lead internal and external penetration testing programs, ensuring full coverage of enterprise assets.
• Oversee red team operations to simulate real-world adversaries and advanced persistent threats.
• Translate findings into prioritized, actionable remediation plans.

Continuous Control Testing & Assurance

• Develop and manage continuous testing of technical and process-level controls across cyber domains.
• Validate control effectiveness against frameworks such as NIST CSF, CIS, ISO, and FFIEC.
• Deliver executive-level assurance reporting to demonstrate security maturity and control effectiveness.

Exercises & Simulations

• Design and lead tabletop exercises, purple team engagements, and large-scale simulations.
• Partner with incident response, business continuity, and risk teams to test preparedness and response capabilities.
• Drive lessons-learned programs to enhance resilience and reduce response times.

Leadership & Influence

• Build and lead a high-performing team of penetration testers, red teamers, control testers, and assurance specialists.
• Influence senior technology and business leaders to close gaps and strengthen controls.
• Act as a trusted advisor to executives on threat readiness, resilience, and security assurance.

Qualifications

• 12+ years of progressive experience in cybersecurity, with at least 5+ years in testing, assurance, or offensive security leadership roles.
• Proven experience leading large-scale penetration testing, red team operations, or cyber assurance programs.
• Deep knowledge of security frameworks (NIST CSF, MITRE ATT&CK, CIS, ISO 27001) and regulatory expectations (PCI DSS, SOX, FFIEC, etc.).
• Familiarity with tools and techniques for red teaming, pen testing, and control validation (e.g., Burp Suite, Cobalt Strike, Metasploit, Qualys, Tenable, or similar).
• Strong track record of partnering with senior stakeholders, translating technical risks into business impacts.
• Bachelor’s degree in Computer Science, Information Security, or related field (Master’s or certifications such as CISSP, OSCP, GPEN, GXPN, CISM, or CRISC preferred).

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.