Job Description

Director of IT & Security / Chief Information Security Officer (CISO)

Job Description

Overview

The Director of IT & Security / Chief Information Security Officer (CISO) is responsible for overseeing the firm’s technology operations, cybersecurity strategy, and risk management program. This role provides leadership across IT infrastructure, security architecture, identity management, vendor governance, and incident response. The Director/CISO works closely with the CTO and senior leadership to maintain a secure, compliant, and resilient environment that supports advisor productivity and protects client data.

Key Responsibilities

Cybersecurity Leadership (CISO Responsibilities)

• Lead the firm’s cybersecurity strategy, security architecture, and governance program.
• Own and mature the Incident Response Plan (IRP) , including tabletop exercises, documentation, and real-time incident leadership.
• Maintain and enhance the Business Continuity Plan (BCP) and disaster recovery processes.
• Oversee vulnerability management, security monitoring, and threat response in coordination with SOC and MSP partners.
• Administer and optimize Microsoft security controls including Purview, Defender, DLP, labeling, retention, and data governance .
• Ensure alignment with industry frameworks and regulatory expectations (NIST CSF, CIS, SEC/FINRA).
• Regularly brief senior leadership on cyber risks, posture, and remediation activities.

Identity & Access Management

• Serve as primary owner for Entra ID and Okta , including MFA, SSO, identity lifecycle, and access governance.
• Enforce least-privilege access, conditional access policies, privileged access management, and entitlement reviews.

IT Operations & Infrastructure

• Lead daily IT operations including endpoints, cloud systems, and network environments.
• Manage Microsoft 365 administration across Exchange Online, Intune, Entra, Purview, and Copilot readiness .
• Oversee network reliability and troubleshoot complex issues involving routing, DNS, certificates, encryption, proxies, and VPN technologies.
• Direct device provisioning, patch management, configuration baselines, and system hardening across the environment.

Vendor Management & Due Diligence

• Own the firm’s vendor due diligence program , including security reviews, documentation management, and risk scoring.
• Oversee vendor renewals, SLAs, and performance monitoring for MSPs, cloud services, cybersecurity partners, and critical system providers.

Governance, Compliance, and Audit Support

• Develop and maintain IT and security policies, standards, and procedures.
• Partner with Compliance and Legal on regulatory requirements, cybersecurity questionnaires, and client or regulator due diligence.
• Provide evidence, reporting, and remediation support for audits and assessments.

Strategic Planning & Leadership

• Partner with the CTO to define and execute the multi-year IT and security roadmap.
• Evaluate emerging technologies and determine firm readiness (AI, Copilot, automation, endpoint strategy).
• Lead, mentor, and develop IT team members; establish processes, SLAs, and escalation paths.
• Promote a security-first culture through communication, training, and consistent enforcement of best practices.

Qualifications

• 8–12+ years of progressive experience in IT infrastructure and cybersecurity, including leadership experience.
• Expert-level knowledge of:
• Microsoft 365 administration (Entra ID, Intune, Purview, Exchange Online, Defender, Copilot ecosystem)
• Okta administration and identity lifecycle management
• Networking fundamentals and troubleshooting (DNS, certificates, encryption, routing, VPN, firewalls)
• Security governance and frameworks (NIST, CIS, ISO27001)
• Hands-on experience managing IRP, BCP/DR programs, and incident handling.
• Strong vendor management and due diligence experience.
• Understanding of compliance requirements in regulated industries (finance preferred).
• Experience working with or administering VDI environments (Azure Virtual Desktop, Citrix, VMware Horizon, or similar).
• Excellent communication, documentation, and leadership skills.

Required/Preferred Certifications

• CISSP — strongly preferred
• Microsoft Advanced Administrator Certification (or equivalent senior Microsoft 365 admin credential)
• Okta Certified Administrator or Okta Certified Professional

Why Join Us

• Partner directly with the CTO to shape and elevate the firm’s IT and cybersecurity strategy, influencing decisions that protect and enable the entire organization.
• Lead with both execution and innovation — drive critical IT and security initiatives while exploring new technologies that strengthen resilience and improve advisor productivity.
• Join a collaborative, high-performing technology team that values ownership, accountability, and continuous improvement in a fast-growing, client-centric environment.

Job Tags

Similar Jobs