Cybersecurity Risk Associate

About The Position

Requirements

• Sound knowledge of IT networking concepts including but not limited to segmentation, DNS, the OSI model, and network topologies.
• Working knowledge of AI risk concepts such as data leakage, third-party model exposure, and responsible AI use in enterprise environments.
• Sound knowledge of cloud infrastructure controls and concepts related to solutions such as Microsoft 365, AWS, and Google Workspace.
• Familiarity with cybersecurity concepts such as business continuity, disaster recovery, incident response, and network security.
• An understanding of vulnerability management concepts and methodologies.
• Proven experience in a client/customer-facing role.
• Experience discussing technical concepts with a non-technical audience.
• Excellent written and verbal communication skills.
• Excellent time management skills.

Nice To Haves

• Sound knowledge of security standards and frameworks such as, but not limited to, NIST, CIS, COBIT, etc.
• Previous experience deploying security controls and policies within cloud infrastructure environments.
• Familiarity with AI security frameworks and guidance (NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS) and enterprise AI governance.
• Knowledge of hedge fund, private equity, or RIA operations/compliance.
• CRISC, CISA, CISSP, CIPP, AAISM, Security+ certifications.

Responsibilities

• Conduct risk assessments and security audits of client cloud environments.
• Assess the security posture of cloud platforms and infrastructure including but not limited to Microsoft 365, Google Workspace, Azure, and AWS.
• Perform risk assessments of AI platforms used by clients, including Claude, ChatGPT, and Gemini — evaluating data handling, access controls, model configuration, and integration risk.
• Provide AI security advisory to clients, covering safe adoption, deployment patterns, permission and data-sharing reviews, policy development, and ongoing governance of AI tools across the firm.
• Lead AI security training sessions for client teams — translating evolving AI risks, regulatory expectations, and best practices into practical guidance employees and stakeholders can act on.
• Schedule, conduct, and lead risk assessment meetings with clients and IT providers.
• Assess operational business risks and provide remediation and mitigation guidance.
• Act as an escalation point for technical questions from clients and internal teams.
• Participate in the enhancement of existing Drawbridge products, reports, and processes.
• Assist and advise clients with cyber training, incident response, operational due diligence, and/or SEC cyber audit requirements.
• Identify and evaluate complex business and technology risks, controls to mitigate risks, and related opportunities for control improvement.
• Learn applicable regulatory framework and compliance guidelines for cybersecurity (including but not limited to SEC, NFA, FCA, MAS).
• Continuously learn and advance your cybersecurity knowledge, bringing new insights back to both client engagements and the broader team.
• Maintain tracking of internal tasks, provide status updates to clients, team members, and managers, and ensure open and consistent communication with all stakeholders.
• Establish and maintain relationships with clients, IT providers, and other service providers.

Benefits

• Competitive compensation package
• Employer Retirement/401(k) plan with company contribution
• Medical, Dental, Vision Coverage, Disability, and Life Insurance
• Health Savings Account (HSA) or Flexible Spending Account (FSA)
• Generous Paid Time Off Policy
• Healthy Work/Life Balance
• Phone Reimbursement Perk
• Exclusive Employee Discounts & Perks offered through ADP and insurance
• Tuition Reimbursement