We are seeking an experienced and strategic Director of IT and Cybersecurity to join our investment management firm operating in the financial services industry. This role is responsible for establishing and maintaining corporate-wide technology infrastructure, cybersecurity, and information security programs that support operational efficiency, compliance, and security objectives. The successful candidate will lead a team of IT professionals and collaborate closely with executive management to determine and mitigate acceptable levels of risk across all business units.
Key Responsibilities
Develop and implement a strategic, enterprise-wide technology program that aligns with business objectives.
Provide leadership for IT, information security, and risk management programs, ensuring their alignment with business priorities and security goals.
Collaborate with internal and external stakeholders to foster a culture that prioritizes technological effectiveness and security.
Oversee the deployment of technology systems that meet business, privacy, and security objectives.
Ensure the successful execution of initiatives that address operational requirements and cybersecurity risks.
Manage relationships with vendors and consultants to deliver secure, compliant, and high-quality solutions.
Monitor third-party performance to ensure adherence to security policies and standards.
Assess and mitigate risks associated with third-party vendors and service providers.
Oversee security operations, including threat detection, vulnerability management, and incident response.
Implement and manage security technologies such as firewalls, intrusion prevention systems, and SIEM solutions.
Identify, assess, and manage information security risks across the organization.
Develop risk management strategies aligned with industry best practices.
Conduct regular risk assessments and audits to ensure proactive threat management.
Maintain a robust vulnerability management program, including periodic assessments and penetration tests.
Collaborate with IT teams to remediate vulnerabilities promptly and preemptively address potential threats.
Develop and lead incident response planning and investigations.
Partner with external organizations and law enforcement to address security breaches.
Design and implement organization-wide security awareness and training programs.
Foster a culture of security awareness across all levels of the organization.
Ensure compliance with relevant regulations and standards (e.g., GDPR, CCPA, SEC/FINRA, SOX).
Liaise with auditors, regulators, and compliance teams to demonstrate adherence to applicable standards.
Establish and enforce security policies, standards, and procedures aligned with regulations and industry best practices.
Ensure consistent policy implementation across the organization.
Qualifications
A minimum of 10 years of combined experience in IT, risk management, and information security.
At least 4 years in a leadership role.
Experience in a highly regulated industry, preferably in financial services.
In-depth knowledge of regulatory requirements and industry frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, CIS Critical Security Controls).
Proven ability to design and maintain effective information security strategies and programs.
Exceptional analytical, problem-solving, and communication skills.
Strong leadership, project management, and organizational capabilities.
High integrity, trustworthiness, and an innovative mindset.
Bachelor's degree in Computer Science, Information Systems, Information Security, or a related field.
Master's degree or professional certifications (e.g., CISSP, CISM, CISA) preferred.