VP, Director of Security Program

Global X ETFs
New York, NY
2d
Hybrid

About The Position

Global X is seeking an accomplished security and governance leader to serve as Vice President, Director of Security. Reporting to the Head of Technology, this role will own and operationalize the enterprise information security program, acting as the primary driver of security strategy, policy, risk management, and compliance across the organization. The ideal candidate brings a strong foundation in building and maturing GRC programs within financial services, with deep expertise in control mapping, regulatory compliance, and cross-functional stakeholder engagement. This individual will serve as a strategic right hand to the Head of Security, translating vision into execution across the security roadmap while ensuring Global X meets the highest standards of information protection and regulatory readiness.

Requirements

  • 8+ years of progressive experience in information security, governance, risk, and compliance, with at least 3 years in a leadership or management capacity.
  • Deep expertise in security frameworks and standards including NIST CSF, ISO 27001, CIS Controls, SOC 2, and SOX/ITGC.
  • Demonstrated experience building or significantly maturing an enterprise security program from the ground up, including policy development, control mapping, and GRC operationalization.
  • Strong background in financial services, asset management, or investment management, with familiarity with SEC, FINRA, and related regulatory requirements.
  • Proven ability to manage vendor risk programs, conduct third-party security assessments, and oversee external audit relationships.
  • Experience translating complex technical risk into executive-level business impact narratives for Board, C-suite, and regulatory audiences.
  • Track record of cross-functional leadership, building relationships with Legal, Compliance, HR, Finance, and Technology stakeholders.
  • Excellent written and verbal communication skills with the ability to influence at all levels of the organization.
  • CISSP, CISA, CISM, or equivalent industry-recognized certification required.

Nice To Haves

  • Experience with GRC platforms such as Hyperproof, ServiceNow GRC, OneTrust, or similar tools.
  • Familiarity with cloud security (AWS, Azure) and the ability to assess cloud-related risks.
  • Experience leading SOC 2 Type II, HITRUST, or ISO 27001 certification programs.
  • Knowledge of AI governance frameworks, responsible AI practices, and emerging AI regulations.
  • Experience in M&A security due diligence and integration.
  • CCSK, CCSP, CRISC, or HITRUST CCSFP certification.
  • Bachelor’s degree in Information Security, Computer Science, Business, Finance, or a related field; advanced degree preferred.

Responsibilities

  • Own and lead the enterprise information security program end-to-end, serving as the primary security leader for the organization and a direct partner to the CISO/Head of Security.
  • Develop, implement, and continuously mature the security strategy and multi-year roadmap aligned with business objectives, regulatory requirements, and industry best practices.
  • Perform comprehensive control mapping across frameworks, including the NIST Cybersecurity Framework (CSF), ISO 27001/27002, CIS Controls, and SOC 2, to ensure a unified, defensible control environment.
  • Author, maintain, and govern the full suite of information security policies, standards, procedures, and guidelines, ensuring alignment with financial services regulations and frameworks (SEC, FINRA, SOX/ITGC).
  • Build and manage the GRC function, including risk assessment methodology, risk register management, control testing, evidence collection, and audit readiness activities.
  • Drive the security roadmap by prioritizing initiatives, managing resource allocation, tracking milestones, and reporting progress to executive leadership and the Board.
  • Lead vendor and third-party risk management, including security due diligence, questionnaire design, tiered risk assessments, and ongoing monitoring of critical service providers.
  • Partner cross-functionally with Legal, Compliance, Risk, HR, Finance, and Technology teams to embed security into business processes, product launches, and corporate initiatives.
  • Develop and deliver executive-level reporting on security posture, risk exposure, compliance status, and program maturity to senior leadership, the Board, and regulatory stakeholders.
  • Design and oversee the security awareness and training program to foster a culture of security across all business units and levels of the organization.
  • Lead incident response planning, coordination, and post-incident reviews, partnering with Legal and Compliance on regulatory notification requirements and breach assessment.
  • Manage relationships with external auditors, regulators, and certification bodies, overseeing audit engagements and ensuring timely remediation of findings.
  • Evaluate and recommend GRC tooling, automation platforms, and security technologies to improve program efficiency, visibility, and scalability.
  • Establish and mature the AI governance framework, including acceptable use policies, AI tool risk assessments, and alignment with emerging regulations (e.g., NIST AI RMF and the EU AI Act).
  • Recruit, mentor, and develop security team members, building a high-performing team culture grounded in accountability, continuous improvement, and professional growth.

Benefits

  • Competitive base salary with annual performance-based bonus
  • Comprehensive medical, dental, and vision insurance
  • 401(k) retirement plan with company matching
  • Generous paid time off and company holidays
  • Professional development and continuing education opportunities
  • Hybrid work flexibility
  • Life and disability insurance
  • Wellness programs and employee assistance program (EAP)