AMD Public-Dallas-Vice President-Security Engineering

Role Overview

The Head of Technology Risk for Asset Management is a critical senior leadership position responsible for defining, implementing, and overseeing the comprehensive information security and cybersecurity risk posture specifically within the Asset Management business. This role is pivotal in balancing commercial objectives with robust security controls, ensuring the division's resilience against an evolving threat landscape, and protecting client assets and data.

This leader will directly manage and provide strategic direction to teams responsible for Governance, Risk & Compliance (GRC), Application Security & Advisory, and Product Security functions within Asset Management. Crucially, this role also involves the oversight and guidance of embedded Technology Risk Officers who are assigned to various Asset Management business verticals. The objective is to foster a unified and proactive approach to risk management, ensuring regulatory compliance, and enabling secure technological innovation across all Asset Management initiatives.

• Define and execute the multi-year Technology Risk roadmap for the Asset Management division, ensuring alignment with firm-wide standards, industry best practices, and frameworks such as the NIST Cybersecurity Framework.
• Lead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify, evaluate, and mitigate technology risks specific to Asset Management.
• Act as the primary liaison for internal and external audits, regulatory examinations (e.g., SEC, FINRA, GDPR, CCPA), and client due diligence requests, ensuring all commitments are met.
• Provide executive-level reporting on risk trends, key risk indicators, and the overall technology risk profile to Asset Management leadership, the AWM Operating Committee, and Firmwide Technology Risk leadership.
• Oversee and guide a team of embedded Technology Risk Officers supporting specific Asset Management business verticals, ensuring consistent application of risk management principles, policies, and controls.

• Oversee the "Security Single Point of Contact" (SPOC) model for key Asset Management initiatives, including new product launches, strategic projects, and M&A due diligence, ensuring security is integrated from inception.
• Ensure that secure design principles, threat modeling, and OWASP Top 10 mitigations are systematically integrated into the architecture and development lifecycle of all Asset Management applications and platforms.
• Drive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures, optimizing security posture while enabling business agility within Asset Management.

• Champion the "Shift Left" philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Asset Management engineering teams.
• Supervise the execution of comprehensive threat modeling, manual code reviews, penetration testing, and vulnerability assessments across the entire Asset Management application portfolio.
• Collaborate closely with Engineering and Dev Ops teams to enhance the firm's security posture through the implementation of automated CI/CD security gates and secure development practices.

• Oversee the client-facing security due diligence function for Asset Management, supporting high-value prospect requests and existing client audits to protect and enable revenue streams.
• Represent the firm's security maturity, technical resilience, and robust control environment to external institutional clients, partners, and investors in the Asset Management sector.

• Drive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection, enhance threat intelligence, and scale security operations efficiently.
• Research and evaluate emerging trends in fintech security, cryptography, and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies.

• Experience:
  
  12+ years of progressive experience in Technology Risk, Information Security, or Application Development, with at least 5 years in a senior leadership or "Head of" capacity within the Financial Services industry, specifically with exposure to Asset Management.
• Technical Depth:
  Deep understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), cloud security principles (AWS preferred), and web stack technologies (e.g., HTTP, HTML5, AJAX, REST, OAuth, SAML, OIDC).
• Regulatory & Risk Expertise:
  Expert knowledge of global financial regulations (e.g., SEC, FINRA, GDPR, CCPA) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) or similar…