Head of CyberSecurity and Technology Risk
Our client, headquartered in the “Silicon Hills” of Austin, Texas, offers an experience as unique as the city in which it operates. The firm supports more than 1,700 independent financial advisors in delivering comprehensive securities and investment advisory services to their clients. With a culture rich in reinvention and advisor advocacy, they have developed integrated business management technology that, combined with its personalized consulting services, offers exceptional scale and efficiency.
Currently, they are looking to fill the role of Head of Cybersecurity and Technology Risk. This role will give the successful candidate a great opportunity to deliver on a set of high visibility and business critical cyber and technology risk initiatives designed to continually lower the firm’s risk profile. The role will define and execute on the Cyber and Technology Risk strategy, including achieving and maintaining SOC2 status across companies, leveraging a fully cloud-based set of tooling and controls to protect the perimeter and endpoints, and moving to a zero-trust approach to security. Partnering with the business, vendors and other key stakeholders, this position will place the firm’s cybersecurity strength and capabilities to be a competitive advantage for the firm.
What’s in it for you as Head of CyberSecurity and Risk?
- Great opportunity to deliver on a set of high visibility and business critical cyber and technology risk initiatives.
- Work with a seasoned, successful and professional executive and leadership team.
- Award winning, stable leader in their market space and still growing.
- Solid compensation plan includes comprehensive benefits and bonus plan.
- Full health, vision, dental. 401(k) plans along with a host of voluntary plans such as car insurance, legal services and more.
- A brand new state of the art building in Southwest Austin with a basketball court, volleyball court, baseball field, walking trails, unlimited coffee, tea and sparkling water!
Primary Responsibilities of the Head of CyberSecurity and Risk:
- Provide overall leadership across the firm for all CyberSecurity and Risk technology initiatives including definition of policies and procedures, tooling, partnering with the Software Engineering team to ensure secure development practices, partnering with the Cloud Infrastructure team to ensure secure architecture, implementation and monitoring, along with all the goals, standards, practices, processes, and technologies related to creating a low [residual] risk and ‘CyberSecure’ organization.
- Lead each companies’ roadmap to achieve and maintain SOC2 Type II accreditation.
- Be a key member of, and partner very closely with, the Compliance and Risk organization in the business, chair the CyberSecurity Governance Committee comprised of key stakeholders, as well as report to the Executive Leadership team on the Cyber Program, tracking against success metrics.
- Be fully accountable for the timely and high-quality delivery of the Cyber Program of work, leveraging ongoing monitoring and testing to track progress and level of risk.
- Lead and develop the team of CyberSecurity Engineers/Analysts who will help drive the successful delivery of the firm’s Cyber Program as well as the ongoing surveillance and analysis of incidents to create a closed loop monitoring system.
- Create the necessary Continuing Education program for both Home Office employees and Financial Advisors on the platform for continual training in order to avoid known cyber risks, minimizing the number of incidents.
- Create a secure-first approach and mindset to delivering technology products that are secure from the outset, collaborating closely with their peers in Data Engineering, Software Engineering and Cloud Infrastructure to define practices, standards, tooling and metrics, and defining their role and responsibility for making the products and platforms secure.
- Work with the PMO team to track progress against the roadmaps and coordinate across functions.
- Drive Cyber and Technology Risk related due diligence on our vendor partners and make an objective recommendation on when to buy vs build, as well as develop strong partnerships with our key vendor providers to ensure alignment of cyber and risk related items on their roadmap.
- Manage the budget that includes all people, software and infrastructure resources against a budget plan, and is able to forecast expenses against the roadmap.
- Create processes and deployment plans, communications strategy and change management to support Cyber and Technology Risk initiatives being delivered to the business.
Primary Requirements for the Head of CyberSecurity and Risk:
- Bachelors/Masters in CyberSecurity, Computer Science, Engineering or related field.
- Masters in CyberSecurity or related field preferred but not essential.
- Have successfully led a CyberSecurity team for a company, ideally within the financial services/wealth management/RIA industry though not essential.
- Has a proven track record of leading and delivering complex commercial cyber-related initiatives, working across teams, communicating with various stakeholders.
- Can demonstrate understanding of where cyber controls can both balance reducing risk as well as enabling growth and improving efficiency and productivity of our firm and its Advisors.
- Defines an extensible and modern cyber control architecture for the purpose of solving for business risks today and in the future for the firm and its Advisors.
- Broad and deep experience with all modern cyber control practices including but not limited to secure coding and architecture, testing and assessments, as well as education and policies.
- Broad understanding of available native cloud-based cybersecurity technologies and third-party cloud-based ecosystem enablers.
- Has efficiently managed against multi-million dollar budgets.
- Not afraid to roll up their sleeves and play a hands-on role, including incident reviews and analysis.
- Excellent presentation and written communication skills.
- Proven team-player with strong interpersonal skills.
- Detail-oriented with a strong risk mitigation mindset.
- Positive, people-oriented, and energetic attitude.
- Naturally curious individual that will help drive innovation across the team and organization.