Description Director, Cyber Security Testing & Assurance Overview We are seeking a highly experienced security leader to build and lead our Cyber Security Testing and Assurance organization. This role will have enterprise-wide responsibility for network penetration testing, red teaming, continuous control testing, cyber exercises, simulations, and assurance programs. The Lead Director will define strategy, manage execution, and ensure that testing and assurance activities provide actionable insights that strengthen the organization’s security posture and resilience. Reporting directly to senior leadership, this leader will partner with technology, risk, compliance, and business stakeholders to validate controls, identify gaps, and provide assurance that security investments are effective against real-world threats. Location: Candidates must be based in or willing to commute to one of the following hub locations with a hybrid schedule of four days onsite and one day remote per week: Johnston, RI – One Citizens Bank Way Pittsburgh, PA – 444 Liberty Ave Westwood, MA – 200 Station Drive Iselin, NJ – 101 Wood Avenue South Boston, MA – 28 State Street Key Responsibilities Strategic Leadership + Define and execute the vision and strategy for Cyber Security Testing and Assurance. + Establish program governance, KPIs, and reporting to senior executives and the Board. + Align testing and assurance activities with enterprise risk appetite and regulatory requirements. Network Penetration Testing & Red Team + Lead internal and external penetration testing programs, ensuring full coverage of enterprise assets. + Oversee red team operations to simulate real-world adversaries and advanced persistent threats. + Translate findings into prioritized, actionable remediation plans. Continuous Control Testing & Assurance + Develop and manage continuous testing of technical and process-level controls across cyber domains. + Validate control effectiveness against frameworks such as NIST CSF, CIS, ISO, and FFIEC. + Deliver executive-level assurance reporting to demonstrate security maturity and control effectiveness. Exercises & Simulations + Design and lead tabletop exercises, purple team engagements, and large-scale simulations. + Partner with incident response, business continuity, and risk teams to test preparedness and response capabilities. + Drive lessons-learned programs to enhance resilience and reduce response times. Leadership & Influence + Build and lead a high-performing team of penetration testers, red teamers, control testers, and assurance specialists. + Influence senior technology and business leaders to close gaps and strengthen controls. + Act as a trusted advisor to executives on threat readiness, resilience, and security assurance. Qualifications + 12+ years of progressive experience in cybersecurity, with at least 5+ years in testing, assurance, or offensive security leadership roles. + Proven experience leading large-scale penetration testing, red team operations, or cyber assurance programs. + Deep knowledge of security frameworks (NIST CSF, MITRE ATT&CK, CIS, ISO 27001) and regulatory expectations (PCI DSS, SOX, FFIEC, etc.). + Familiarity with tools and techniques for red teaming, pen testing, and control validation (e.g., Burp Suite, Cobalt Strike, Metasploit, Qualys, Tenable, or similar). + Strong track record of partnering with senior stakeholders, translating technical risks into business impacts. + Bachelor’s degree in Computer Science, Information Security, or related field (Master’s or certifications such as CISSP, OSCP, GPEN, GXPN, CISM, or CRISC preferred). Pay Transparency The salary range for this position is $175,000 - $ 250,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits. #LI-Citizens1 Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Why Work for Us At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.