Deputy Chief Information Security Officer, Information Technology
Listed on 2026-07-06
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
Overview
NISA Investment Advisors, LLC (NISA) partners with world-leading organizations to design, develop, and manage highly customized, risk-controlled investment strategies across fixed income, equities, and derivatives. With $462 billion assets under management ($295 billion in physical assets and $167 billion in derivatives notional value), NISA actively manages risk for institutional investors, providing clarity to complicated challenges and stability in ever-evolving markets. At NISA, we foster a culture that supports both personal and professional growth, providing opportunities to learn from experienced professionals while contributing meaningful work from the outset.
We seek candidates who demonstrate strong quantitative and analytical skills, intellectual curiosity, and a collaborative mindset to join our growing teams.
- Partner with the CISO to develop NISA's enterprise cybersecurity strategy and roadmap, and integrate it with the enterprise technology strategy
- Hold enterprise-wide accountability for NISA's information security program — its design, implementation and day-to-day operation
- Coordinate the development and maintenance of cybersecurity policies, procedures and standards to protect the organization’s assets and information
- Oversee regular risk assessments and vulnerability scans to identify potential threats and vulnerabilities
- Manage cybersecurity incident response activities and lead investigations into security incidents
- Lead, mentor and develop the cybersecurity team; assess and strengthen the team’s skills and capabilities, including augmenting and upskilling existing personnel
- Participate in the firm’s third-party (vendor) risk management program, assessing and monitoring the security posture of vendors and service providers
- Support client-facing security due diligence, including responses to client and consultant security questionnaires, due diligence questionnaires (DDQs) and requests for proposal (RFPs)
- Manage security across NISA’s hybrid on-premises and public-cloud environment (AWS and Azure), including identity and access management (IAM) as an evolving area of the program
- Work with internal teams and external vendors to select, implement and manage security technologies and tools, including firewalls, intrusion detection and prevention systems and security information and event management (SIEM) systems
- Maintain the security program against recognized control frameworks, including the NIST Cybersecurity Framework (CSF) and SOC 2
- Develop, implement and refine security controls and guardrails for the firm’s adoption of artificial intelligence (AI) — an evolving area the Deputy CISO will be expected to manage as it matures
- Ensure compliance with relevant cybersecurity regulations, including the firm’s obligations as an SEC-registered investment adviser and applicable DOL regulations
- Develop and deliver cybersecurity training and awareness programs to educate employees on best practices for information security
- Support disaster recovery (DR) capabilities for critical technology services and contribute to the firm’s operational resilience, partnering with the risk function, which owns business continuity planning
- Collaborate across the firm, including with the technology solutions team, to embed security into projects and day-to-day operations
- Present to executive and board-level risk and governance committees, explaining NISA’s cybersecurity and technology risks and the controls in place to manage them
- Participate in security audits and assessments to ensure compliance with industry standards and regulations
- Bachelor’s or master’s degree, including demonstrated coursework in computer science, cybersecurity or a related field
- 12+ years of experience in cybersecurity, with significant leadership experience and a track record of progressive responsibility
- Demonstrated experience operating as a senior leader or second-in-command within an information security organization, with the ability to deputize for a CISO
- CISSP certification is required
- Experience managing security across hybrid on-premises and public-cloud environments (AWS and Azure), including…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).