Design, implement, and continuously improve the firm's information security program in alignment with strategic objectives and confidentiality requirements.
Create and enforce security policies, procedures, and standards to protect the firm's technology assets.
Monitor and measure the effectiveness of security initiatives, providing actionable insights and updates to senior leadership.
Identify, assess, and mitigate cybersecurity risks, including conducting vulnerability assessments and penetration tests.
Lead incident response activities, including investigation, remediation, and reporting.
Serve as a mentor and technical resource to the security team, fostering professional growth and best practices.
Qualifications
10+ years of IT and information security experience, including a minimum of 4 years in a leadership role.
Strong knowledge of security frameworks and standards such as NIST, ISO 27001, and HIPAA.
Relevant certifications (CISSP, CISM, CISA, GIAC, CompTIA Security+, GISO) are a plus.
Proven ability to manage security programs, guide technical teams, and advise leadership on complex security challenges.