Asurion Corporation

Sr. Director, Cyber Risk and Trust

Asurion Corporation$150K — $200K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Masters degree or higher in cybersecurity, information systems, or related field preferred.
  • 15+ years of experience in cybersecurity, risk management, or related disciplines.
  • 12+ years of leadership experience in complex enterprise environments.
  • Deep knowledge of cybersecurity governance, compliance, and risk management frameworks.
  • Proven ability to communicate cyber risk to executive and non-technical audiences.

Responsibilities

  • Define and execute the Cyber Risk and Trust strategy and metrics.
  • Collaborate with various business leaders to prioritize and mitigate cyber risks.
  • Develop and present executive reporting on risk posture and compliance.
  • Oversee the customer-facing trust and assurance program, streamlining processes.
  • Lead the enterprise cyber risk management program and maintain a risk register.
  • Establish and govern cybersecurity policies and standards across the organization.
  • Drive alignment with international regulatory frameworks and lead remediation efforts.

Benefits

  • Professional development opportunities for career growth.
  • Collaborative and innovative work environment.
  • Competitive benefits package including health and wellness programs.
  • Opportunity to influence the organization’s cybersecurity strategy.
  • Access to cutting-edge technology and training resources.
Full Job Description
Position Overview

Asurion is seeking a Sr. Director, Cyber Risk and Trust, to lead the enterprise function responsible for strengthening customer trust, governing cybersecurity risk, enabling regulatory and framework alignment, and advancing a security-aware culture. Reporting to the Chief Information Security Officer, this leader will own and mature programs spanning customer audit and compliance, cyber risk management, policy and standards governance, control framework alignment, third-party cyber risk, and cyber awareness and culture.

The ideal candidate is a strategic, business-oriented cybersecurity leader who translates complex security, compliance, and regulatory requirements into clear decisions, scalable governance processes, measurable risk reduction, and stronger customer confidence. This leadership role requires executive presence, deep cybersecurity governance expertise, and the ability to influence senior stakeholders while coaching a high-performing team.

Key Responsibilities
  • Define and execute the Cyber Risk and Trust strategy, operating model, roadmap, and metrics, delivering an enterprise-wide approach to governance, risk, compliance, assurance, and trust enablement.
  • Partner with security, technology, legal, privacy, procurement, internal audit, product, sales, and business leaders to prioritize and remediate cyber risk, and to align security with business objectives.
  • Develop executive reporting that communicates risk posture, control maturity, audit readiness, policy compliance, third-party exposure, customer assurance activity, awareness effectiveness, and progress against objectives.
  • Own the customer-facing trust and assurance program, including audits, security questionnaires, evidence requests, and attestations; standardize evidence, reduce cycle time, and maintain a customer-ready trust repository.
  • Lead the enterprise cyber risk management program, including methodologies, assessments, quantification, treatment, exception management, and a maintained risk register with clear ownership and remediation tracking.
  • Establish and govern cybersecurity policies and standards; run approval forums, manage exceptions, and ensure requirements are enforceable, measurable, and mapped to business needs and control owners.
  • Drive regulatory and framework alignment across NIST, ISO, SOC 2, CIS Controls, PCI DSS as applicable, and international models (UK, Germany, Japan, Korea, Singapore, Latin America); lead mappings, gap analyses, and remediation plans.
  • Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding, and offboarding.
  • Build a modern, behavior-focused cyber awareness and culture program with role-based training, campaigns, and simulations; measure impact through behavior and incident metrics.
  • Recruit, develop, and lead a high-performing team across assurance, risk, governance, third-party risk, and awareness; establish operating rhythms, SLAs, intake, prioritization, and quality standards.
  • Represent the function in executive forums, customer meetings, and governance committees; translate technical issues into business impact and decision-ready recommendations; serve as a senior escalation point.
Education and Experience
  • Masters degree or higher in cybersecurity, information systems, computer science, risk management, business, or related field, or equivalent practical experience preferred.
  • 15+ years of progressive experience in cybersecurity, technology risk, GRC, security assurance, audit, third-party risk, or related disciplines.
  • 12+ years leading teams, managers, or cross-functional cybersecurity programs in complex enterprise environments.
  • Demonstrated leadership in cybersecurity governance, risk management, compliance, customer assurance, policy and standards, third-party risk, and security awareness programs.
  • Deep knowledge of NIST CSF, NIST SP 800-series, ISO/IEC 27001/27002, SOC 2 Trust Services Criteria, and CIS Controls.
  • Strong working knowledge of international frameworks and expectations in the UK, Germany, Japan, Korea, Singapore, and Latin America.
  • Experience leading customer audits, security questionnaires, contractual security reviews, and external assurance activities with standardized evidence management.
  • Experience developing and operationalizing cybersecurity policies, standards, and procedures; conducting control maturity assessments and framework mappings.
  • Experience building and operating third-party cyber risk management programs with risk-based assessments and ongoing monitoring.
  • Proven ability to communicate cyber risk to executive, technical, legal, commercial, and customer audiences, balancing risk reduction with business velocity.
  • Preferred: Master's degree in a relevant field; certifications such as CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Implementer or Lead Auditor, CGEIT, CCSP, CIPM, CIPT, CDPSE.
  • Preferred: Experience in large global enterprises; board and ERM reporting; GRC and TPRM platforms; trust centers and questionnaire automation; privacy regimes (GDPR, CCPA/CPRA, LGPD, PIPA, APPI, PDPA); and assurance programs (ISO/IEC 27001, SOC 2, PCI DSS, HITRUST, CSA STAR).
Knowledge, Skills, and Abilities
  • Executive presence with the ability to influence senior stakeholders and represent cybersecurity to customers and internal leadership.
  • Strong risk judgment and pragmatic decision-making that balances regulatory obligations, customer commitments, and operational feasibility.
  • Expertise in policy and standards governance, control design, audit readiness, and evidence management.
  • Ability to build scalable governance processes, metrics, KRIs, and clear reporting for executives and boards.
  • Deep understanding of third-party risk, contractual security terms, right-to-audit provisions, and ongoing monitoring practices.
  • Skilled in change leadership, process improvement, and cultivating a positive, accountable security culture.
  • Outstanding written and verbal communication; simplifies complex technical and regulatory topics for diverse audiences.
  • People leadership that develops talent, sets clear expectations, and builds high-performing, customer-oriented teams.
Travel Requirements

N/A
Physical Demands
  • Stationary Position: Frequently
  • Vision: 20/20 corrected vision
  • Hearing: Receive detailed information if spoken to

About Asurion Corporation

Asurion provides device protection and support services for smartphones, tablets, and other consumer electronics. The company partners with wireless carriers, retailers, and manufacturers to offer its services to consumers. Asurion was founded in 1994 and is headquartered in Nashville, Tennessee. The company operates in 23 countries and has over 19,000 employees worldwide.
Learn more about Asurion Corporation
Size
19,000 employees
Industry
Founded
1994

Similar Jobs

More Jobs at Asurion Corporation

More Information Technology Jobs

Find similar Sr. Director, Cyber Risk and Trust jobs: