Information Technology Cybersecurity

Professional Experience: 6-10 years related experience

Job Description

Seeking a Vice President of Cybersecurity to join its Information Technology team. This is a broad, hands-on role at the intersection of cybersecurity, infrastructure operations, and business resilience in a fast-moving investment environment. The successful candidate will own the firm''''''''s security program protecting sensitive investment data, proprietary analytics, and confidential investor and counterparty information while contributing meaningfully to day-to-day security operations in close collaboration with the larger team.

Specific job responsibilities include: Cybersecurity Program Ownership

• Own and mature the firm''''''''s cybersecurity program, conducting continuous gap analysis and driving improvements to the overall security posture across a multi-jurisdictional investment management environment
• Assess and harden the firm''''''''s infrastructure stack spanning cloud platforms, connectivity with external vendors, and investor portals from a security perspective
• Coordinate with the firm''''''''s Managed Security Service Provider (MSSP) to ensure comprehensive monitoring across endpoint, cloud, and identity surfaces, including coverage for remote and international office users
• Serve as first responder for threat detection alerts and security escalations, conducting log analysis and triage across SIEM, EDR, and other security tooling with sensitivity to events involving investment data, trade information, or investor communications
• Oversee vulnerability management lifecycle: scanning cadence, prioritization, patching coordination, and exception tracking across devices, servers, and third-party connected systems
• Manage the phishing simulation program, security awareness training, and onboarding training for new hires tailoring content to reflect threats relevant to the financial services sector
• Evaluate and recommend new security tooling, building a business case for investment, and communicating risk trade-offs to senior leadership

AI Security & Emerging Threats

• Partner with investment, technology, and operations teams to assess AI and machine learning initiatives including use of large language models, co-pilot tools, and data analytics platforms ensuring appropriate data security, access controls, and governance frameworks are in place
• Evaluate risks associated with AI tools accessing or processing sensitive investment data, credit models, LP information, or proprietary research, and establish guardrails and usage policies
• Monitor the evolving threat landscape including financially motivated cybercrime, nation-state activity targeting financial institutions, and supply chain risks and proactively recommend enhancements to the firm''''''''s defenses
• Contribute to SecDevOps practices in collaboration with the application development and portfolio analytics teams, embedding security into the development of tools and pipelines

Governance, Risk & Compliance

• Maintain and update the firm''''''''s cybersecurity policy framework in collaboration with Legal & Compliance, ensuring alignment with regulatory cybersecurity rules
• Coordinate BCP/DR tabletop exercises and failover testing with stakeholders across investment, operations, finance, and legal teams
• Conduct quarterly internal cybersecurity audits, including access control reviews, privileged access assessments, and third-party connectivity reviews and serve as the primary point of contact for external audits, regulatory examinations, and investor due diligence questionnaires (DDQs) relating to technology and security
• Support R&D efforts related to security frameworks and contribute to the firm''''''''s ongoing assessment against these benchmarks
• Maintain accurate, up-to-date documentation of systems, configurations, procedures, and incident response playbooks, ensuring readiness for regulatory review at short notice

Qualifications and Education Requirements

• Bachelor s degree in information technology, computer science, cybersecurity, or related field
• 7 10 years of progressive experience in information technology with a meaningful focus on cybersecurity, infrastructure security, or a combined security and operations role
• Demonstrated experience owning or materially contributing to a security program in a financial services, asset management, or similarly regulated environment
• Hands-on experience with EDR, SIEM, DLP, vulnerability management tools, and IAM platforms
• Working knowledge of cybersecurity regulations and a solid grasp of GRC frameworks
• Understanding of data classification and information barriers relevant to an investment management context, including handling of MNPI and investor confidential information
• Strong interpersonal and communication skills able to engage credibly with senior investment and business professionals, and to translate technical risk clearly for non-technical audiences
• Self-directed and highly organized, with the ability to manage competing priorities and operate effectively with minimal oversight in a demanding environment
• Experience with cloud security (AWS, Azure, or Google Cloud Platform), including securing cloud-hosted financial data and enforcing access governance in hybrid environments
• Familiarity with investor DDQ processes and the ability to respond competently to LP and auditor questions on technology risk and security controls
• Exposure to SecDevOps practices and collaboration with internal application development or data engineering teams
• Relevant certifications such as CISSP, CISM, CISA, CompTIA Security+, or equivalent
• Ability to step in and support the general help desk when needed