Overview
On Site
USD 150,000.00 - 200,000.00 per year
Full Time
Skills
Alternative Investments
Investments
Private Equity
Equities
Information Security
Decision-making
IT Security
Documentation
Accountability
Risk Management
Gap Analysis
IT Risk Management
KPI
Data Security
Due Diligence
Testing
Legal
Cyber Security
IT Risk
Asset Management
Banking
Insurance
Finance
SEC
Gramm-Leach-Bliley Act
Financial Services
Cloud Computing
Auditing
System On A Chip
ISO/IEC 27001:2005
Sarbanes-Oxley
Mapping
Vulnerability Management
Risk Assessment
Management
ServiceNow
EMC RSA Archer
Communication
Regulatory Compliance
Leadership
Change Management
Collaboration
Teamwork
Organizational Skills
Attention To Detail
SAP GRC
CISSP
CISM
ISACA
IT Governance
SAP BASIS
Military
Promotions
Training
Recruiting
Advertising
Forms
Reporting
Human Resources
LOS
Law
Job Details
Our Company
Oaktree is a leader among global investment managers specializing in alternative investments, with about $200 billion in assets under management. The firm emphasizes an opportunistic, value-oriented and risk-controlled approach to investments in credit, private equity, real assets and listed equities. The firm has over 1,200 employees and offices in 24 cities worldwide.
We are committed to cultivating an environment that is collaborative, curious, inclusive and honors diversity of thought. Providing training and career development opportunities and emphasizing strong support for our local communities through philanthropic initiatives are essential to our culture.
For more information, visit:
Role Summary
Oaktree is seeking a highly technical and experienced candidate for the role of Vice President of Governance, Risk & Compliance within our cybersecurity program. This executive will report directly to the Chief Information Security Officer (CISO) and be responsible for ensuring the firm maintains a strong security posture while meeting regulatory obligations and client expectations across all business lines. The ideal candidate brings deep experience in managing GRC teams in financial services, strong regulatory knowledge (SEC, FINRA, GLBA, SOX, etc.), and a pragmatic approach to risk-based decision making.
Responsibilities
Governance:
- Lead the design, implementation, and maintenance of cybersecurity governance frameworks tailored to financial services (e.g., NIST CSF, ISO 27001).
- Develop and enforce IT security policies, standards, and procedures that align with regulatory and fiduciary requirements.
- Establish and manage a centralized governance documentation platform (e.g., SharePoint) to support audits and exams.
- Coordinate security and IT control ownership across business units to ensure visibility, accountability, and reporting consistency.
- Serve as a liaison with senior management, Legal, Compliance, and Audit to drive a security-first culture.
Risk Management:
- Lead enterprise-wide cyber risk assessments including inherent/residual risk scoring, control gap analysis, and remediation planning.
- Maintain and continuously update the IT Risk Register to reflect evolving threats, regulatory changes, and business priorities.
- Oversee the third-party technology risk management program, including vendor due diligence, risk scoring, ongoing monitoring, and contract reviews.
- Collaborate with Technology and Business leaders to ensure controls are appropriately designed and risk mitigations align with business goals.
- Develop and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to track control effectiveness and program health.
Compliance:
- Ensure alignment with financial industry regulatory frameworks, including GLBA, SOX, SEC, NYDFS 500, GDPR, DORA, CCPA, and other global data protection laws.
- Support the firm's response to internal and external audits, regulatory exams, and client due diligence requests.
- Lead and coordinate the firm's readiness and response for SOC 1/2 audits, including control validation and evidence collection.
- Partner with external auditors to manage SOC audit requests, walkthroughs, and responses.
- Manage the control testing and self-assessment processes to validate control effectiveness and audit readiness.
- Track and resolve policy exception requests, ensuring compensating controls are defined and documented.
- Partner with Compliance, Legal, and Enterprise Risk to maintain cybersecurity program compliance with internal policies and external expectations.
- Track audit findings, assign remediation owners, and monitor resolution to closure.
Qualifications
- 8+ years of experience in cybersecurity, IT risk, or compliance within a financial services environment (asset management, banking, or insurance).
- Deep understanding of regulatory compliance frameworks relevant to financial institutions (e.g., SEC, NYDFS, FINRA, GLBA, SOX).
- Strong understanding of SOC 1 and SOC 2 frameworks and their application in financial services / cloud environments.
- Experience participating in or leading third-party audits (e.g., SOC, ISO 27001, SOX, etc.).
- Ability to manage evidence lifecycle, control mapping, and gap remediation plans.
- Demonstrated success in building and maturing vulnerability management and control assessment programs.
- Proficiency in conducting risk assessments, developing control frameworks, and managing third-party/vendor risk programs.
- Experience with GRC platforms (e.g., ServiceNow GRC, Archer, AuditBoard) is a plus.
- Excellent written and verbal communication skills, especially in explaining complex risk and compliance topics to non-technical stakeholders.
- Strong leadership, collaboration, and change management skills.
Personal Attributes
- Technically curious and self-motivated with a passion for continuous learning and staying ahead of the threat landscape.
- Excels under pressure and with time constraints in complex, fast-paced environments.
- High integrity with strong professional and personal ethics, particularly when handling highly confidential information.
- Pragmatic problem-solver who balances stringent security requirements with business enablement and operational needs.
- Team-oriented with strong collaboration skills, able to bridge silos and foster teamwork across departments.
- Outstanding organizational skills with high attention to detail.
- Demonstrated ability to lead by doing, providing hands-on technical guidance and contributing directly to technical solutions.
Education
Bachelor's degree required; advanced degree or GRC-relevant certifications (e.g., CISSP, CISM, CRISC, CGEIT, CIA) strongly preferred.
Base Salary Range
$150,000 - $200,000
In addition to a competitive base salary, you will be eligible to receive discretionary bonus incentives, a comprehensive benefits package and a flexible work arrangement. The base salary offered will be commensurate with experience and/or qualifications, industry knowledge and expertise, as well as prior training and education.
Equal Opportunity Employment Policy
Oaktree is committed to diversity and to equal opportunity employment. Oaktree does not make employment decisions on the basis of race, creed, color, ethnicity, national origin, citizenship, religion, sex, sexual orientation, gender identity, gender expression, age, past or present physical or mental disability, HIV status, medical condition as defined by state law (genetic characteristics or cancer), pregnancy, childbirth and related medical conditions, veteran status, military service, marital status, familial status, genetic information, domestic violence victim status or any other classification protected by applicable federal, state and local laws and ordinances. This policy applies to hiring, placement, internal promotions, training, opportunities for advancement, recruitment advertising, transfers, demotions, layoffs, terminations, recruitment advertising, rates of pay and other forms of compensation and all other terms, conditions and privileges of employment. This policy applies to all Oaktree applicants, employees, clients, and contractors. Staff members wishing to report violations or suspected violations of this policy should contact the head of their department or Human Resources.
For positions based in Los Angeles
For those applying for a position in the city of Los Angeles, the firm will consider for employment qualified applicants with a criminal history in a manner consistent with applicable federal, state and local law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.