Assistant Director Cyber Risk, Department Of Operations

Hamilton, SCT, GB, United Kingdom

Job Description

Assistant Director - Cyber Risk



Department of Operations



Bermuda Monetary Authority (Authority or BMA) is seeking the services of a skilled and capable individual to work as an Assistant Director - Cyber Risk in our Department of Operations. Reporting to the Deputy Director - Cyber Risk, the Assistant Director - Cyber Risk will be responsible for supervising all aspects of cyber risk supervision for BMA-regulated entities by way of effective plans and schedules, demonstrating leadership qualities and communication skills that provide the basis of quality service and performance of duties.

This is a key role for the Authority, and the post-holder will be responsible for:

Conducting meetings and on-site security reviews of regulated entities for compliance with the Authority's standards, comparable to such frameworks as NIST, ISO 27001, COBIT, etc., before making operational cyber risk assessments, building rating profiles and recommending security controls improvements. Managing the creation of evaluation/on-site reports. Identifying risk to regulated entities associated with the intelligence topic. Advising and supporting the Authority's supervisory departments regarding ongoing cyber supervision

Working in consultation with Banking, Trust, Corporate Services and Investments (BTCSI), Insurance and Financial Technology supervisors to manage the creation of on-site operational cyber risk schedules and supervisory plans based upon professional judgement and operational cyber risk model ratings arising from prudential filings, previous on-sites, cyber threat intelligence and other relevant inputs

Keeping under review the design of operational cyber risk supervisory frameworks for on-site and off-site supervision of BMA-regulated entities and ensuring that these operational cyber risk frameworks are aligned with international standards

Working in consultation with Supervisory, Policy Development, Legal Services and Enforcement and other relevant departments in preparation for the drafting of operational cyber risk supervisory policies, procedures, guidance notes and legislative drafting instructions

Reviewing regulated entity cyber risk submissions for both licensing applications and prudential filings and producing risk and compliance reports for relevant sector supervisors

Performing duties as a member of the FinTech and InsurTech Innovation Working Groups, assisting them with administering the regulatory sandboxes and innovation hubs, particularly as it relates to cybersecurity analysis and advice

Overseeing the performance of individual team members, providing direction, mentoring and feedback. Conducting formal performance appraisal discussions as prescribed by the performance management process

Managing the research of emerging cyber threats. Applying an analytical understanding of hacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits. Producing threat intelligence, providing situation awareness of cyber threats impacting regulated entities' digital assets. Communicating to regulated entities and senior leadership both quantifiable and qualitative cyber risk to the enterprise through briefings and threat intelligence reports

Collaborating with technical analysts to provide indications and warnings and conduct predictive analyses of potentially malicious activity

Advising the supervisory units on the use of machine learning and advanced security software

Performing other related work and special projects as assigned by management in accordance with competencies normally associated with the post

This position requires a proven technical and business background; therefore, the post-holder must have:

A master's degree in computer science, information technology, telecommunications or equivalent education/designation or related work experience together with formal education in the areas of CISSP, EC-Council CISO certifications, CISM, CISA, Security+, ISO, ITIL and privacy certifications

A minimum of ten (10) years of cyber risk experience as a cybersecurity specialist or similar role in the financial services sector, preferably in the regulatory environment. Experience must include at least five (5) years of senior-level experience

Experience in managing and mentoring direct reports

Knowledge of Bermuda's Insurance Act 1978, Digital Asset Business Act 2018, cyber codes of conduct and associated frameworks is required

Experience in drafting of policies and legislative drafting

Solid understanding and experience with encryption, PKI and key protection

The ability to conduct third-party security reviews

Effective communication skills

Experience with distributed ledger technology and digital assets

The Authority is the integrated regulator of the financial services sector in Bermuda. We offer the opportunity for broad exposure to international regulatory issues, special projects and a variety of work experiences.

If you are looking for a challenging opportunity in a team environment, we invite you to submit your application online via our 'Careers' page at www.bma.bm. Applications for this position must be received no later than 16 July 2025.



BMA House | 43 Victoria Street | Hamilton HM 12 | Bermuda | Tel: (441) 295 5278

Bermuda Monetary Authority is an Equal Opportunity Employer.

Individual Excellence...Collective Strength



Job Detail

  • Job Id
    JD3298276
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Hamilton, SCT, GB, United Kingdom
  • Education
    Not mentioned