Job Specifications
Our client, an investment management firm with over $70b in AUM, is seeking to add a Head of Information Security to their team in a newly created position that will report to the CTO. This role requires 4 days onsite in NYC with occasional travel to Greenwich, CT. This is a hands-on role responsible for protecting our client's network and proprietary/sensitive information. The overall goal is to continuously improve the client's Information and Cyber Security Program by advancing both its proactive and reactive capabilities and processes. A successful individual will mitigate the information security risk surface across systems and data and improve overall compliance with security regulations.
Total compensation in the $300-500k range, based on experience
Responsibilities:
Own, maintain, and continuously improve the firm’s information security
Design, implement, and operate a cyber risk management framework and program, including risk identification, assessment, treatment, and reporting
Lead the disaster recovery and business continuity (DR/BCP) program, including planning, documentation, testing, and remediation of issues
Identify and address vulnerabilities and threats across infrastructure, applications, and data
Develop and implement security controls and protocols across on-prem, cloud, and SaaS environments
Analyze and assess risks to the company’s critical systems and data; define and track remediation plans
Own the MDR vendor relationship, including selection, ongoing oversight, runbooks, playbooks, testing, and performance reviews
Evaluate, select, and oversee key security technologies (e.g., endpoint protection, email security, identity security, vulnerability management, SIEM) and coordinate regular testing and tuning
Partner with Compliance and external auditors to support SOC 1 Type 2 (e.g., access control, change management, operations)
Required Qualifications:
Deep Information and Cyber Security experience, including strategy, hands-on technical work, and program leadership
Experience with the Azure and Microsoft 365 E5 security ecosystem (e.g., Defender XDR, Conditional Access, Intune)
Hands-on experience working with security data, ideally in a SIEM platform (preferably Azure Sentinel, Splunk, or similar)
Oversee key relationships including MDR / SOC provider and pen test providers
Experience building or operating a cyber risk management framework/program (e.g., NIST CSF or similar)
Familiarity with IT general controls and supporting audits (access control, change management, etc.). Comfort in working with regulators and internal/external counsel is critical.
Preferred qualifications include:
Prior experience in a buy-side firm (PE fund, hedge fund, traditional asset manager, etc.) with fewer than 1200 employees (strongly preferred)
Advanced Cyber Security certifications
If you meet the required qualifications and are interested in this role, please apply today.
The Solomon Page Distinction
Our teams, comprised of subject matter experts, develop an interest in your preferences and goals and we act as an advisor for your career advancement. Solomon Page has an extensive network of established clients which allows us to present opportunities that are well-suited to your respective goals and needs – this specialized approach sets us apart in the industries we serve.
About Solomon Page
Founded in 1990, Solomon Page is a specialty niche provider of staffing and executive search solutions across a wide array of functions and industries. The success of Solomon Page reflects an organic growth strategy supported by a highly entrepreneurial culture. Acting as a strategic partner to our clients and candidates, we focus on providing customized solutions and building long-term relationships based on trust, respect, and the consistent delivery of excellent results. For more information and additional opportunities, visit solomonpage.com and connect with us on Facebook and LinkedIn.
Opportunity Awaits.