Our client, headquartered in the “Silicon Hills” of Austin, Texas, offers an experience as unique as the city in which it operates. The firm supports more than 1,700 independent financial advisors in delivering comprehensive securities and investment advisory services to their clients. With a culture rich in reinvention and advisor advocacy, they have developed integrated business management technology that, combined with its personalized consulting services, offers exceptional scale and efficiency
This is an exciting new role and will give the successful candidate a great opportunity to deliver on a set of high visibility and business critical cyber and technology risk initiatives tied to the multi-year Cyber Program, designed to continually lower the firm’s risk profile. The role will define and execute on the Cyber and Technology Risk strategy, leveraging, for example, a fully cloud-based set of tooling and controls to protect our perimeter and endpoints, and partnering with the business, vendors and other key stakeholders, that will position our firm’s cybersecurity stance, as well as that of our Advisors, to be a competitive advantage for the firm.
Primary Responsibilities of the Head of CyberSecurity and Risk:
- Provide overall leadership across the firm for all CyberSecurity and Risk technology initiatives including definition of policies and procedures, tooling, partnering with the Software Engineering team to ensure secure development practices, partnering with the Cloud Infrastructure team to ensure secure architecture, implementation and monitoring, along with all the goals, standards, practices, processes, and technologies related to creating a low [residual] risk and ‘CyberSecure’ organization.
- Defines an extensible and modern cyber control architecture for the purpose of solving for business risks today and in the future for the firm and its Advisors
- Be a key member of, and partner very closely with, the Compliance and Risk organization in the business, chair the CyberSecurity Governance Committee comprised of key stakeholders, as well as report to the Executive Leadership team on the Cyber Program, tracking against success metrics.
- Play a key role in defining, and then executing on, the CyberSecurity and Technology Risk strategy across all of Kestra’s businesses, working closely with the Shared Service teams as well as key stakeholders in each of the businesses.
- Be fully accountable for the timely and high quality delivery of the Cyber Program of work, leveraging ongoing monitoring and testing to track progress and level of risk.
- Build out and develop a small team of CyberSecurity Engineers/Analysts who will help drive the successful delivery of the firm’s Cyber Program as well as the ongoing surveillance and analysis of incidents to create a closed loop monitoring system.
- Create the necessary Continuing Education program for both Home Office employees and Advisors on the platform for continual training in order to avoid known cyber risks, minimizing the number of incidents.
- Create a Secure-first approach and mindset to delivering technology products that are secure from the outset, collaborating closely with their peers in Data Engineering, Software Engineering and Cloud Infrastructure to define practices, standards, tooling and metrics, and defining their role and responsibility for making the products and platforms secure.
- Drive Cyber and Technology Risk related due diligence on our vendor partners and make an objective recommendation on when to buy vs build, as well as develop strong partnerships with our key vendor providers to ensure alignment of cyber and risk related items on their roadmap.
- Manage the budget that includes all people, software and infrastructure resources against a budget plan, and is able to forecast expenses against the roadmap
Primary Requirements for the Head of CyberSecurity and Risk:
- Have successfully led a CyberSecurity team for a company, ideally within the financial services/wealth management/RIA industry though not essential
- Has a proven track record of leading and delivering complex commercial cyber-related initiatives, working across teams, communicating with various stakeholders
- Can demonstrate understanding of where cyber controls can both balance reducing risk as well as enabling growth and improving efficiency and productivity of our firm and its Advisors
- Broad and deep experience with all modern cyber control practices including but not limited to secure coding and architecture, testing and assessments, as well as education and policies.
- Broad understanding of available native cloud-based cybersecurity technologies and third-party cloud-based ecosystem enablers
- Has efficiently managed against multi-million dollar budgets
- Not afraid to roll up their sleeves and play a hands-on role, including incident reviews and analysis
- Excellent presentation and written communication skills
- Positive, people-oriented, and energetic attitude
- Naturally curious individual that will help drive innovation across the team and organization
- Bachelors/Masters in CyberSecurity, Computer Science, Engineering or related field
- Masters in CyberSecurity or related field preferred but not essential
What’s in it for you as Head of CyberSecurity and Risk?
- Great opportunity to deliver on a set of high visibility and business critical cyber and technology risk initiatives
- Work with a seasoned, successful and professional executive and leadership team
- Award winning, stable leader in their market space and still growing
- Solid compensation plan includes comprehensive benefits and bonus plan
- Full health, vision, dental. 401(k) plans along with a host of voluntary plans such as car insurance, legal services and more.
- A brand new state of the art building in Southwest Austin with a basketball court, volleyball court, baseball field, walking trails, unlimited coffee, tea and sparkling water