Wealth Management-Richardson-Vice President-Security Engineering

About The Position

Requirements

• Experience: 12+ years of progressive experience in Technology Risk, Information Security, or Application Development, with at least 5 years in a senior leadership or "Head of" capacity within the Financial Services industry, specifically with exposure to Wealth Management.
• Technical Depth: Deep understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), cloud security principles (AWS preferred), and web stack technologies (e.g., HTTP, HTML5, AJAX, REST, OAuth, SAML, OIDC).
• Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g., SEC [https://www.sec.gov/], FINRA [https://www.finra.org/], GDPR [https://gdpr-info.eu/], CCPA [https://oag.ca.gov/privacy/ccpa], GLBA [https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act], state-specific privacy laws) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) [https://www.fairinstitute.org/] or similar frameworks.
• Leadership & Management: Proven ability to build, mentor, and lead high-performing global teams of security professionals. Demonstrated success in building coalitions and influencing diverse engineering, business, and executive stakeholders.
• Program Management: Strong program and project management skills with a track record of driving complex security initiatives to successful completion within committed timelines.
• Communication: Exceptional written and oral communication skills, with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
• Risk Assessment: Expertise in performing risk assessments, identifying gaps in compliance with information security policies, and recommending effective mitigation strategies.
• Acquisition Experience: Experience with acquisition due diligence and integration from a technology risk perspective.
• Security Standards: Familiarity with leading security standards and frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls.

Nice To Haves

• BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
• Relevant industry certifications such as CISSP [https://www.isc2.org/Certifications/CISSP], CISM [https://www.isaca.org/credentialing/cism], CRISC [https://www.isaca.org/credentialing/crisc], CISA, or cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
• Experience with leveraging AI/ML to solve security problems and scale operations.
• Knowledge of secure coding languages (e.g., Python, Java, Go)

Responsibilities

• Strategic Leadership & Governance:
• Define and execute the multi-year Technology Risk roadmap for the Wealth Management division, ensuring alignment with firm-wide standards, industry best practices, and frameworks such as the NIST Cybersecurity Framework [https://www.nist.gov/cyberframework].
• Lead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify, evaluate, and mitigate technology risks specific to Wealth Management.
• Act as the primary liaison for internal and external audits, regulatory examinations (e.g., SEC [https://www.sec.gov/], FINRA [https://www.finra.org/], GDPR [https://gdpr-info.eu/], CCPA [https://oag.ca.gov/privacy/ccpa], GLBA [https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act], state-specific privacy laws), and client due diligence requests, ensuring all commitments are met.
• Provide executive-level reporting on risk trends, key risk indicators, and the overall technology risk profile to Wealth Management leadership, the AWM Operating Committee, and Firmwide Technology Risk leadership.
• Oversee and guide a team of embedded Technology Risk Officers supporting specific Wealth Management business verticals, ensuring consistent application of risk management principles, policies, and controls.
• Technical Risk Advisory & Architecture:
• Oversee the "Security Single Point of Contact" (SPOC) model for key Wealth Management initiatives, including new product launches, strategic projects, and M&A due diligence, ensuring security is integrated from inception.
• Ensure that secure design principles, threat modeling, and OWASP Top 10 [https://owasp.org/www-project-top-ten/] mitigations are systematically integrated into the architecture and development lifecycle of all Wealth Management applications and platforms.
• Drive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures, optimizing security posture while enabling business agility within Wealth Management.
• Product Security & SDLC Integration:
• Champion the "Shift Left" philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Wealth Management engineering teams.
• Supervise the execution of comprehensive threat modeling, manual code reviews, penetration testing, and vulnerability assessments across the entire Wealth Management application portfolio.
• Collaborate closely with Engineering and DevOps teams to enhance the firm’s security posture through the implementation of automated CI/CD security gates and secure development practices.
• Client Due Diligence & Revenue Protection:
• Oversee the client-facing security due diligence function for Wealth Management, supporting high-value prospect requests and existing client audits to protect and enable revenue streams. This includes addressing concerns related to privacy and data protection for individual clients.
• Represent the firm’s security maturity, technical resilience, and robust control environment to external individual and institutional clients, partners, and advisors in the Wealth Management sector.
• Innovation & Scaling:
• Drive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection, enhance threat intelligence, and scale security operations efficiently.
• Research and evaluate emerging trends in fintech security, cryptography, and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies, particularly concerning client data privacy.