Director, Technology Risk & Controls

For over forty years, HarbourVest has been home to a committed team of professionals with an entrepreneurial spirit and a desire to deliver impactful solutions to our clients and investing partners. As our global firm grows, we continue to add individuals who seek a collaborative, open-door culture that values diversity and innovative thinking. In our collegial environment that’s marked by low turnover and high energy, you’ll be inspired to grow and thrive. Here, you will be encouraged to build on your strengths and acquire new skills and experiences. We are committed to fostering an environment of inclusion that promotes mutual respect among all employees. Understanding and valuing these differences optimizes the potential of both the individual and the firm. HarbourVest is an equal opportunity employer. This position will be a hybrid work arrangement. You will receive 18 remote workdays per quarter to use at your discretion, subject to manager approval. For example, you may choose to work in the office 4 days per week and take one remote day weekly (typically 13 weeks per quarter), leaving 5 additional remote days to be used as needed. We are seeking a Director, Technology Risk And Controls to own the the firm’s IT control environment and handle the technology scope of our SOC 1 certification. This role is responsible for modernizing IT controls to align with cloud-first infrastructure, SaaS platforms, DevOps practices, and evidence collection supported by automated processes. In addition to SOC 1 ownership, this leader will play a key role in strengthening cybersecurity governance, policy management, risk assessments, and board-level reporting. The Director will work closely with IT, Information Security, Accounting, Legal, Compliance, Vendor Management, Enterprise Risk, and external auditors to ensure the technology and cybersecurity control framework remains effective, scalable, modern and aligned with evolving global regulatory and threat landscapes. The ideal candidate is someone who is: SOC 1 & IT Controls Ownership Oversee the IT portion of the SOC 1 program, including ITGCs, automated controls, key reports, and system boundaries. Serve as the primary liaison with external auditors for all technology-related SOC 1 matters. Lead annual prioritisation, risk assessments, walkthroughs, testing coordination, and remediation tracking. Redesign IT controls to reflect modern tooling, cloud infrastructure, SaaS platforms, and automation. Implement scalable, automated approaches to auditor evidence collection and continuous control monitoring. Technology Risk & Control Modernization Improve and maintain IT guidelines, criteria, and protocols to ensure compliance with industry regulations and standards. Embed automation and system-generated evidence into control processes to reduce manual audit burden. Develop dashboards and reporting to provide insight into control performance and deficiencies. Drive continuous improvement of the organization’s IT risk and control framework. Expertise in the various common cyber security frameworks (ISO27001, NIST CSF & 800-53 etc.) What you will do: Cybersecurity Governance & Risk Management Lead regular cybersecurity risk assessments and control reviews to identify emerging threats and vulnerabilities. Partner with Security Operations to evaluate findings and help develop practical mitigation strategies. Lead all aspects of and report efficiency of the cybersecurity program using defined targets and metrics. Stay ahead of evolving cybersecurity threats, regulatory expectations, and industry standards, and support implementation of vital updates. Board & Executive Reporting Assist the CISO in preparing quarterly cybersecurity and technology risk updates for the Board of Directors. Develop clear, executive-ready reporting that translates technical risk into business impact. Provide structured updates on SOC 1 status, audit findings, remediation progress, and risk trends. What you bring: