Duluth, GA, USA
Key responsibilities
Strategic planning and roadmap development
• Build and maintain multi-year cybersecurity roadmap aligned to business objectives
• Conduct annual risk assessments and prioritize top risks with clear mitigation plans
• Define security architecture vision and incremental implementation phases
• Establish measurable security metrics and KPIs with executive dashboards
• Present strategic security initiatives to leadership with business cases and ROI
• Balance long-term strategic initiatives with tactical operational demands
• Drive annual security budget planning with justified resource requirements
Cybersecurity function expansion
• Transition team from compliance-focused to balanced security engineering + compliance model
• Identify capability gaps and build hiring plan for cybersecurity engineers
• Implement security operations center (SOC) capabilities or managed service partnerships
• Establish threat intelligence program with proactive threat hunting
• Expand from reactive security to proactive security posture management
• Define clear escalation paths and on-call rotation for security incidents
• Mature incident response from ad-hoc to structured playbook-driven approach
Cybersecurity program leadership
• Lead cybersecurity strategy with prioritized, measurable risk reduction initiatives
• Implement security engineering standards and control frameworks
• Drive incident response readiness and rapid threat containment
• Partner with infrastructure, networking, and DevOps on security architecture
• Provide practical security guidance that enables business outcomes
• Drive cloud security strategy across Azure, AWS, and SaaS applications
• Address AI/ML security risks as firm expands AI capabilities
Compliance execution
• Own ISO 27001 and SOC 2 compliance programs and audit execution
• Maintain audit-ready evidence and compliance documentation
• Manage security questionnaires and assessments for clients
• Coordinate penetration testing and vulnerability remediation
• Ensure compliance with regulations (GDPR, HIPAA, state privacy laws)
M&A security due diligence
• Assess cybersecurity and compliance posture of acquisition targets
• Identify security risks and integration requirements
• Provide clear risk recommendations to deal teams
• Support secure integration of acquired firms
• Balance security rigor with M&A timeline constraints
Operations and governance
• Run predictable intake, prioritization, and execution model
• Implement escalation paths with clear on-call coverage
• Track decisions, actions, and risk acceptance through governance
• Provide regular security and compliance reporting to leadership
• Drive continuous improvement through metrics and post-incident reviews
• Ensure all security meetings produce documented decisions or actions
Team leadership
• Build and develop cybersecurity and GRC analyst capabilities
• Recruit and onboard cybersecurity engineers to expand technical depth
• Provide clear ownership and accountability for team deliverables
• Create career development paths for security professionals
• Foster collaboration across IT and business stakeholders
• Model extreme ownership and solution-oriented leadership
Required experience
• 7+ years cybersecurity or GRC experience
• 5+ years leading security or compliance teams
• Proven track record building cybersecurity roadmaps and strategic plans
• Experience expanding security teams and capabilities
• Audit program management (ISO 27001, SOC 2, or equivalent)
• Security engineering and architecture experience
• M&A security due diligence experience
Required technical knowledge
• Security frameworks (NIST, ISO 27001, SOC 2, CIS Controls)
• Security tools (SIEM, EDR, DLP, vulnerability management, GRC platforms)
• Cloud security (Azure, AWS, or GCP)
• Identity and access management
• Incident response and threat analysis
• Security compliance and audit processes
• Risk assessment and management methodologies
• Cybersecurity maturity models and capability assessment
• Security metrics, KPIs, and executive reporting
Required leadership capabilities
• Strategic thinking with ability to translate business objectives into security roadmaps
• Program management of multi-year, multi-initiative security programs
• Building and developing high-performing teams
• Clear communication of security risks to executives and non-technical audiences
• Stakeholder management across IT, legal, HR, and business units
• Decision-making under uncertainty with clear risk tradeoffs
• Ownership mentality with accountability for results
• Ability to articulate "why" behind security decisions and provide clear recommendations
Preferred
• Accounting or financial services industry knowledge
• Microsoft security stack expertise (Defender, Sentinel, Purview, Entra ID)
• GRC platform experience (Vanta, OneTrust, ServiceNow GRC)
• Penetration testing or offensive security background
• Zero Trust architecture implementation experience
• AI/ML security and responsible AI framework knowledge
• Certifications: CISSP, CISM, CISA, ISO 27001 Lead Auditor, Azure Security Engineer
Bachelor's degree