• Support the implementation and maintenance of internal policies, standards, and procedures • Monitor compliance with laws, regulations, and corporate guidelines • Assist in risk management and internal controls • Prepare management reports and governance metrics • Provide support for internal and external audits • Organize and follow up on committee and board meetings (minutes, agendas, materials) • Promote continuous improvement of governance processes • Ensure adherence to codes of ethics and conduct

• Support the implementation and maintenance of internal policies, standards, and procedures • Monitor compliance with laws, regulations, and corporate guidelines • Assist in risk management and internal controls • Prepare management reports and governance metrics • Provide support for internal and external audits • Organize and follow up on committee and board meetings (minutes, agendas, materials) • Promote continuous improvement of governance processes • Ensure adherence to codes of ethics and conduct

Role Description Focus Financial Partners is seeking a proactive and detail-oriented Senior Risk Operations Specialist to support and strengthen our organization’s Cybersecurity program. This role is responsible for supporting key risk pillars: Vulnerability Management and Risk Management. A successful candidate will have knowledge of one or more of these areas and be able to assist with writing policy and process, supporting deployment of technology and handling incident response in a variety of environments. The candidate will also manage and maintain cybersecurity dashboards to track key performance indicators (KPIs) across all partner firms. This role can be based in New York, NY / St Louis, MO / Remote. Primary Responsibilities - Provide input into an evolving enterprise risk program, ensuring risks to data security are identified, quantified, and documented. - Develop and maintain information feeds for new and evolving vulnerabilities. - Collaborate with other technical teams to assess vulnerability criticality and coordinate patch deployment. - Participate in audits and assessments to demonstrate compliance and remediate findings. - Execute cybersecurity training and awareness programs across partner firms. - Develop and maintain real-time dashboards and reports to measure cybersecurity program effectiveness. - Work across other cybersecurity functions to incorporate KPI data. - Work with the Head of Cybersecurity Risk to establish and track KPIs such as incident response times, policy compliance rates, and training completion. - Provide regular reports to leadership and stakeholders. - Act as a liaison between IT, compliance, and external partners to ensure cohesive security practices. Qualifications - Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience). Master’s preferred. - 3-5 years of experience in cybersecurity, policy development, or GRC (governance, risk, and compliance). - Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001) and regulatory environments in financial services. - Excellent written and verbal communication skills. - Industry certifications such as CISSP, CISM, or GIAC (GSEC, GCCC) are preferred. - Prior experience in a multi-partner or financial services environment is preferred. - Familiarity with privacy regulations such as GDPR or CCPA is preferred. - Ability to manage multiple projects and stakeholders simultaneously. Benefits - The annualized base pay range for this role is expected to be between $110,000-$130,000. - Actual base pay could vary based on factors including but not limited to experience, subject matter expertise, geographic location where work will be performed, and the applicant's skill set. - The base pay is just one component of the total compensation package for employees. - Other rewards may include an annual cash bonus and a comprehensive benefits package.

• Workflow Management: Receive, triage, and process data subject requests (access, deletion, correction, portability, etc.) within the legal deadlines established by the LGPD; • Internal Coordination: Liaise with IT, Data Engineering, Legal and CX teams to locate and extract personal data from the company’s systems; • Communication with Data Subjects: Draft clear, technically accurate, and empathetic responses to users regarding the status of their requests; • Documentation: Maintain detailed records of all requests handled for audit and compliance purposes; • Process Improvement: Identify bottlenecks in the service workflow and propose automations or enhancements to the data subject journey.