Director of Security / Senior Information Security Officer - Farallon Capital Management, L.L.C

Listing Description

Farallon has an exciting opportunity to join the team as Director of Security/Senior Information Security Officer. This role provides strategic leadership to the management, monitoring, and reporting on the information security risk of the firm. The SISO will be responsible for the firm's Information Security strategy by identifying, assessing, and mitigating internal and external cybersecurity risks that may threaten the security or integrity of Farallon data and systems.


The successful candidate possesses deep and broad experiential knowledge, credibility, and expertise in security related executive leadership within a complex global business environment. Must be a strong leader, with the ability to influence throughout the organization and effectively communicate a business vision, key objectives, and security needs. Experience protecting highly sensitive data within the organization covered by numerous regulatory agencies in different jurisdictions. Deep knowledge and awareness of on-premise and cloud platform technology at scale.

PRIMARY RESPONSIBILITIES



  • Responsible for strategy and vision for corporate information security, including infrastructure security, data security, and application security

  • Develop, implement, and monitor a strategic and comprehensive enterprise-wide information security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by Farallon

  • Oversee cybersecurity functions including awareness, monitoring, remediation, governance, digital security, incident response, business continuity and recovery, and vendor due diligence

  • Responsible for the development and enforcement of security policies and procedures based on industry-standard best practices

  • Build strong relationships within the security organization and across the enterprise to implement the appropriate security controls to protect the enterprise

  • Partner closely with the firm’s InfoSec Committee and leadership to ensure applications, platforms, and services are developed based on comprehensive security principles

  • Promote and oversee strategic security relationships between internal and external entities

  • Utilize business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program

  • Work closely with internal stakeholders and business units to keep abreast of regulatory changes, planned changes to technologies, working practices, and business activities that could have an impact on the organization’s Information Security or risk profile

  • Manage SSAE18 audit process and assess other certifications (e.g., ISO 27001/27002, NIST-CSF, HITRUST) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy

  • Direct and assist, as necessary, investigations into information security breaches, liaising with Legal and Compliance, Risk, and Technology teams and ensuring root causes of such breaches are understood and addressed

  • Manage the Information Security team to identify, develop, implement, and maintain security related processes across the enterprise


 


QUALIFICATIONS



  • Bachelor's or Master's degree in Computer Science, Engineering, or equivalent work experience

  • 10+ years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required

  • 8+ years of people management experience, leading teams to build systems, practices and policies that comply with important security standards

  • Proven experience leading certifications and audits program, and adept at managing external service providers

  • In-depth expertise in security framework and certifications for public and regulated global industries, including COSO, ISO 27001/27002, HITRUST, FDA

  • Significant experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of the business

  • Ability to communicate security risks in business terms that can be clearly understood at all levels of the organization

  • Experience managing and configuring web applications hosted on Azure

  • An excellent understanding of legislation and regulations that impact Information Security (e.g., GDPR, CCPA, Data Protection Act (2018), Freedom of Information Act, PCI DSS)

  • An understanding of current and emerging threats and countermeasures and the organizational challenges to addressing these threats

  • An understanding of application security threats and countermeasures

  • A good practical knowledge of security technologies and wider business solutions including firewalls, IDS/IPS, identity and access management, SIEM, Data Loss Protection, BCP, remote working and cloud security

  • Working knowledge in the areas of risk, compliance, and privacy

  • Excellent people leadership skills - providing direction, monitoring performance, motivating staff, and building a positive working environment


 


JOB SPECIFICATIONS



  • 7+ years of Information Security or Technology Management (financial services experience preferred)

  • Extensive experience in Active Directory, Windows Server, MS SQL, Cloud

  • Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices

  • Hands-on experience with devices such as servers, switches, and routers

  • Knowledge of applicable practices and laws relating to data privacy and protection

  • Proven analytical and problem-solving abilities

  • Ability to work independently to conduct research into security issues and products as required

  • Strong understanding of the firm’s goals and objectives

  • Strong organizational skills

  • Excellent attention to detail

  • The Director of Security/CISO will maintain the necessary qualifications to manage the firm’s cybersecurity risks


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


