Deputy Chief Information Security Officer

About The Position

Requirements

• Collaborative, no-ego leadership style with the ability to maintain culture while driving accountability and execution
• Strong executive presence and communication skills across technical, business, client, regulatory, and legal audiences
• Strong cross-functional leadership and project/program management discipline
• Strategic and data-driven problem-solving, with the ability to prioritize effectively in a fast-paced environment
• Operational mindset with a bias toward execution, documentation, and measurable outcomes

Nice To Haves

• Experience in financial services or asset management
• Relevant industry certifications such as CISSP, CCSP, CISM, AZ-500, or SC-200
• Familiarity with Infrastructure-as-Code and DevSecOps practices
• Experience supporting enterprise cloud migration and secure adoption of AI-assisted tools

Responsibilities

• Lead the information security team as a player-coach, maintaining a collaborative, high-accountability culture
• Drive security strategies, frameworks, and tooling into repeatable BAU operations with clear ownership, metrics, and follow-through
• Lead cross-functional initiatives with engineering, infrastructure, legal, compliance, and business stakeholders
• Serve as Incident Commander during security events and lead escalations, post-incident review, and operational improvement
• Develop and present KPIs, metrics, risk updates, and program status to leadership
• Lead and evolve TCW’s cloud and hybrid security architecture across Azure, identity platforms, and enterprise infrastructure
• Oversee CSPM, CNAPP, hardening baselines, configuration security, and Infrastructure-as-Code security controls
• Drive Zero Trust and identity security across human and non-human identities, including Conditional Access, federation, and least privilege
• Ensure security controls evolve with cloud migration and broader infrastructure modernization
• Lead threat detection, incident response, and threat operations, including hands-on investigation when needed
• Own the vulnerability management lifecycle, including prioritization, remediation accountability, exceptions, and reporting
• Build and mature playbooks, SOPs, automation, and continuous monitoring capabilities
• Improve analyst efficiency and response quality through automation, telemetry, and operational tooling
• Lead and mature application security, secure development, and software supply chain risk management practices
• Lead data protection, DLP, insider risk, and data governance controls in partnership with legal and compliance
• Establish and enforce security governance for AI and Generative AI adoption across the firm
• Govern the secure use of AI-assisted development and productivity tools through practical controls and clear risk guidance
• Manage security risk and support compliance with regulatory expectations applicable to financial services
• Partner with cross-functional teams to assess risk, onboard solutions, and ensure security controls are in place before production deployment
• Maintain strong relationships with vendors, industry peers, and the broader security community
• Develop documentation, standards, playbooks, and governance artifacts that support durability and institutional knowledge

Benefits

• Eligible for TCW’s comprehensive benefits package.