Cyber Governance Senior Associate
Company: BlackRock
Location: Wilmington
Posted on: November 1, 2025
Job Description:

Join our global team of cyber security experts, protecting our business and developing exciting capabilities on the frontline of cyber defense. The Cyber Governance team is responsible for delivering a coordinated, integrated approach to cybersecurity policy, risk, and compliance management within the Information Security organization. Operating as a first-line risk function, the team partners with internal and external stakeholders to manage security policies, assess risks, and ensure alignment with regulatory requirements.

We are looking for a person with 5 years of Information Security experience, performing governance, risk and compliance management for large Financial Services firms, or 4 years in a related consulting role. This role will support the governance and oversight of the BlackRock Information Security program, ensuring alignment with regulatory expectations and internal policies, and influencing the management of cybersecurity risks across the organization.

Responsibilities:

• Assist in the development, maintenance and communication of information security policies, standards, and procedures.
• Support internal risk assessments and continuous controls monitoring activities.
• Maintain a framework with key cybersecurity controls and evidence owned by Information Security personnel.
• Facilitate testing of control design and effectiveness. Engage with global SMEs to update and maintain the control/evidence framework, and to develop test steps.
• Facilitate program assessments, audits and regulatory reviews, and provide documentation and evidence as needed.
• Develop presentations and materials for senior and executive management, Boards, and regulators. Maintain a global resource with all regional presentations to boards, committees and regulators.
• Support regulatory developments, including monitoring new regulations, and preparing actions for new regulatory requirements.
• Support the development and maintenance of cybersecurity metrics and key risk indicators (KRIs).
• Track and report on cybersecurity risk issues, including identified findings from audits, program assessments, and regulatory reviews.
• Identify potential areas of improvement, and engage in process/control improvements of the Information Security program, in any area where enhancements are needed or appropriate.
• Stay informed on emerging cyber threats, regulatory changes, and industry best practices.
• Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
• Maintain and update information security-related program documents (e.g., Information Security Program Overview, Risk Management handbook, roles and responsibilities matrices, etc.) as needed.

BlackRock is committed to building great Cyber Security careers for our people, and we are looking for an individual with a passion for cyber security defense to continue the growth of our exceptional team.

What the ideal candidate looks like:

• Strong documentation and process-oriented background with leading and managing complex Technology projects.
• Detail-oriented with a strong sense of accountability and follow-through.
• Ability to proactively take initiative on assigned projects and tasks, and to anticipate risks, identify gaps, and suggest enhancements before issues escalate.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• Ability to effectively influence others to account for the plans and collaborative behaviors for results.
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
• Ability to identify and assess cybersecurity threats, risks and controls to cost-effectively mitigate risks.
• Strong decision-making abilities.
• Ability to react to high-pressure, dynamically changing environments.
• Ability to manage multiple priorities and stakeholders in a fast-paced environment, and to pay attention to sources of information from inside and outside one’s network within an organization.
• Ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches.
• Disciplined with interpersonal skills to work well in a global environment, complementing teams in multiple remote locations.

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

• BS in MIS, Computer Science, Information Security, or a related field.
• 5 years in Information Security. Experience in a regulated industry (e.g., finance, healthcare, etc.) is highly desirable.
• 3 years of experience in information security governance, risk and compliance management.
• 3 years of experience with developing and maintaining information security program documentation, including creating and maintaining information security policies and standards.
• Working knowledge of information security management frameworks (e.g., NIST Cybersecurity Framework (CSF), ISO/IEC 27001, COBIT, CIS Controls, etc.).
• Experience with cybersecurity metrics and KRI development.
• Experience with developing senior management and executive-level communications.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA) preferred.
• Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Outlook).
• Experience with GRC platforms (e.g., ServiceNow, Archer, etc.) is a plus.

For Wilmington, DE only, the salary range for this position is USD$110,000.00 - USD$138,000.00. Additionally, employees are eligible for an annual discretionary bonus, and benefits including healthcare, leave benefits, and retirement benefits. BlackRock operates a pay-for-performance compensation philosophy and your total compensation may vary based on role, location, and firm, department and individual performance.

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.