Key skills
Cyber SecurityLeadershipRisk ManagementDecision Making
About this role
Role Overview
- Manage the development, maintenance, and continuous improvement of the firm’s cybersecurity governance, risk, and compliance (GRC) program
- Maintain and operationalize security policies, standards, procedures, and control frameworks aligned to industry standards (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC)
- Perform security risk assessments, including technology, vendor, and business process risk, and document findings, risk ratings, and recommended mitigations
- Track identified risks, exceptions, and remediation activities through a centralized risk register and support risk acceptance workflows
- Drive and support internal and external audits, client risk assessments, and due diligence requests (e.g., SOC reports, questionnaires, client security reviews)
- Partner with IT and Security teams to map technical controls to compliance requirements and validate control effectiveness
- Manage and assist with third-party risk management activities, including vendor security reviews and ongoing risk monitoring
- Contribute to incident governance activities, including post-incident reviews, risk tracking, and lessons learned documentation
- Oversee and support compliance tooling and evidence collection (e.g., GRC platforms, audit management tools)
- Help define metrics and reporting related to risk posture, compliance status, and control maturity for leadership
- Stay current on relevant regulatory, legal, and cybersecurity requirements impacting the firm and communicating changes to stakeholders
- Collaborate cross-functionally to promote security awareness, risk-informed decision making, and consistent governance practices
- Drive and support special projects related to SOC maturity, control improvements, M&A integration, and new technology risk assessments
Requirements
- Bachelor's Degree in Information Technology or Cybersecurity or other related degree
- Relevant certifications (e.g. CISA, CRISC, CISM, or equivalent) preferred
- Strong understanding of cybersecurity governance, risk management, and compliance concepts
- Working knowledge of common security and compliance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC)
- Experience performing security risk assessments and documenting risks, controls, and remediation plans
- Ability to interpret technical security controls and map them to compliance and regulatory requirements
- Experience supporting audits, assessments, or client security questionnaires
- Familiarity with third-party risk management and vendor security review processes
- Strong analytical skills with the ability to assess risk, identify gaps, and recommend practical improvements
Tech Stack
- Cyber Security
Benefits
- Competitive compensation
- Annual bonus
- Medical, dental, and vision care
- Disability and life insurance
- Generous Paid Time Off
- Retirement plans
- Paid Care Leave
- Other programs dedicated to enhancing personal and work life