Manager of Cybersecurity

Role Purpose

The Head of Cybersecurity is accountable for establishing, operating, and continuously improving the Firm’s cybersecurity program to ensure the confidentiality, integrity, and availability of information assets in alignment with business objectives, regulatory expectations, and risk tolerance.

This role functions as a team lead and will be both hands on in setting up, maintaining, and configuring tools and/or policies as well as strategic leadership, governance, and oversight across cybersecurity operations, risk management, compliance, and resilience.

• Define and execute the Firm’s cybersecurity strategy aligned with business priorities, regulatory obligations, and risk appetite.
• Own and steward the Information Security Program (ISP), ensuring it is comprehensive, current, and effective.
• Establish cybersecurity roadmaps, maturity targets, and investment priorities to improve our layers of defense and resiliency.
• Ensure proper tradeoffs are made between the businesses ability to function and security.
• Advise the CIO and executive leadership on cybersecurity risks, trends, incidents, and strategic decisions.
• Ensure cybersecurity is embedded into enterprise technology, vendor, and business initiatives.

• Oversee the design, implementation, and maintenance of the Firm’s security control framework (presently CIS and NIST CSF).
• Ensure compliance with applicable regulatory requirements (SEC, FINRA, NFA, client contractual obligations).
• Direct enterprise risk assessments, control testing, metrics, and reporting.
• Own cybersecurity policies, standards, and exceptions governance.
• Provide executive-level reporting on cyber risk posture, control effectiveness, and remediation progress.
• Oversee third‑party and vendor security risk management.

• Provide executive oversight of security operations, vulnerability management, monitoring, and incident response (via internal tools and MDR/SOC).
• Ensure effective operation of SIEM, MDR, EDR, and related security tooling through delegated teams.
• Serve as executive incident lead for significant security events, including decision‑making, escalation, and communication.
• Ensure incident response plans, playbooks, and tabletop exercises are maintained and tested.
• Oversee post‑incident reviews, root cause analysis, and corrective action tracking.

• Provide executive ownership of Business Continuity (BC), Disaster Recovery (DR), and Incident Response (IR) programs.
• Ensure BC/DR/IR plans align with business RTO/RPO requirements.
• Oversee testing, exercises, documentation, and remediation activities.
• Report resilience readiness and gaps to executive leadership.

• Provide architectural oversight for security controls across on‑premises and cloud environments.
• Approve security tool strategy, standards, and major technology selections.
• Ensure security tooling is effective, integrated, and aligned to risk priorities.
• Stay informed on emerging threats, technologies, and industry best practices relevant to financial services.

• Lead, mentor, and develop the cybersecurity team, fostering accountability, technical excellence, and continuous improvement.
• Define role clarity, performance expectations, and professional development paths.
• Build a scalable operating model that balances internal capability and managed services.
• Promote a strong security culture across the Firm through awareness and engagement.

• Partner with IT, Compliance, Legal, Risk, and business leaders to enable secure operations.
• Act as primary cybersecurity contact for regulators, auditors, and client security inquiries.
• Ensure timely, accurate responses to client and counter party security questionnaires.

• Embody the Firm’s values of Accountability, Integrity, Excellence, Grit, and Love.
• Operate with sound judgment, transparency, and bias for action.
• Foster trust‑based relationships and disciplined…