Senior Director, Cyber Threat Assessment Leader - F&R

Job Description

This role sits within our Financial & Risk ("F&R") business. On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company's F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business. Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity. Further information on this can be found at

Financial & Risk is looking for a few highly skilled cyber security specialists to help staff a new location in the central business district of downtown Hoboken. This new facility will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of F&R- including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strength.

Essential Responsibilities:

  • Build and lead F&R's global Cyber Threat Assessment function including the Penetration Testing and Red Teams
  • Assist in the build out and staffing of the new F&R Cyber Fusion Center in Hoboken, NJ
  • Serve as the principle point of contact for Cyber Threat Assessment intake, liaising across F&R Legal, IT, Product, Communications and Security teams
  • Experience with local and multiple country regulations governing incident response processing and handling of sensitive data
  • Lead the Cyber Threat Assessment team according to best practices, maintaining a standard of the highest quality & confidentiality
  • Mentors other managers and analysts in penetration testing and Red Team disciplines
  • Coordinate critical, sensitive cyber threat simulation activities, assessments & audits spanning multiple geographies
  • Conduct briefings on sensitive penetration tests and red team engagements to a broad spectrum of audiences, ranging from Senior Executive management to IT Leadership
  • Research emerging vulnerabilities and develop proof-of-concept code in a laboratory setting
  • Develop custom tools to support penetration testing as required
  • Assist in technical assessments of wired and wireless network assets
  • Assist in physical and social assessments of target sites in support of technical assessments
  • Make recommendations concerning the overall improvement of the security posture through the proactive discovery of security weaknesses using penetration-testing techniques.

  • Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education
  • 6+ years of experience in the cyber threat assessment domain (penetration testing and/or Red Teaming)
  • 3+ years of management experience leading a high performing cyber threat assessment team
  • Strong verbal & written communication skills
  • Strong critical thinking and group facilitation skills, specifically in large or complex problem settings
  • Experience with execution of a variety of penetration testing assessments and vulnerability assessments to include network penetration testing, web application penetration testing, mobile device penetration testing, IoT testing as well as physical and social engineering exercises.
  • Knowledge of the cyber threat landscape to include Advanced Persistent Threats, Cyber Crime, Hacktivism; specifically, the tactics, techniques and procedures they apply to a cyber-threat attack.
  • Knowledge and understanding of attack method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
  • Strong skills in various operating systems and enterprise platforms to include: Windows, Linux/Unix, Mac OS, iOS, Android, Active Directory, .Net framework, Oracle business products, SAP, etc.
  • Experience developing vulnerability reports with detailed finding descriptions, test case reproduction steps, and prioritized recommendations.
  • Demonstrated ability to attract and develop cyber security talent
  • Industry or sector leadership in designing and improving the field of penetration testing and red teaming
  • Hands-on experience conducting advanced persistent threat (APT) simulations in a global network setting
  • Change agent with ability to drive accountability & outcomes across a diverse threat landscape
  • Strong business acumen & successful track record in aligning with customers
  • A strong cross-functional team player with ability to lead and coach others in a matrix structure, across time zone and national boundaries

Desired Characteristics:

  • Certified Penetration Tester (CPT) or GIAC Penetration Tester (GPEN)
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit .

More information about Thomson Reuters can be found on

Hoboken-New Jersey-United States of America

Meet Some of Thomson Reuters's Employees

Lisa B.

Software Engineer, Centre of Cognitive Computing

Lisa works with other engineers to develop products that are powered by artificial intelligence and capable of machine learning. She also conducts research to identify new uses for existing company data.

Greg O.

Lead Software Engineer

Greg develops software frameworks that other software engineers use to build the company’s flagship Eikon product. He also mentors and provides technical leadership to more junior engineers on his team.

Back to top