Associate Director, Information Security Risk
About the role
Risk, Regulatory, Compliance & Security (RRCS) is a global function within EQT Central Functions, spanning Europe, Asia Pacific and North America. The team works independently while partnering closely with the business and Technology functions to navigate a complex and continuously evolving regulatory and threat landscape. RRCS is a high-standards, commercially minded function where clarity of thought and quality of output genuinely matter.
As Associate Director, Information Security Risk, you will shape and steward EQT's information security risk and control governance capability, acting as the critical bridge between RRCS, Technology, and the wider business. You will bring both depth and breadth - credible enough to challenge Technology teams on architecture and controls, and articulate enough to brief senior leadership and board-level audiences with precision.
- Develop and continuously improve EQT's information security risk and control framework, ensuring it remains fit for purpose as the threat landscape and regulatory environment evolve.
- Maintain a robust risk register; identify, assess and track security risks across the firm and escalate material issues to the CISO and relevant governance forums.
- Design and implement pragmatic, proportionate security controls that balance risk reduction with business agility.
- Draft, maintain and enforce information security policies, standards and procedures aligned to regulatory requirements and industry best practice.
- Lead implementation of applicable regulatory frameworks across EQT's global footprint (including DORA, NIS2, ISO 27001 and NIST) and monitor the horizon for emerging obligations.
- Oversee the information security component of third-party vendor risk reviews, including critical outsourcing assessments; define vendor security requirements and track remediation of identified gaps.
- Play a central role in EQT's cyber incident response capability - coordinating response activities, ensuring governance obligations are met, and leading post-incident reviews.
- Produce high-quality, board-ready reporting, risk appetite dashboards and briefing materials for senior management and governance committees.
About You
You are a seasoned information security risk professional with a commercial mindset and a talent for making complex risk topics accessible to senior audiences. You build trust across functions naturally, hold your ground on risk positions constructively, and bring genuine intellectual rigour to governance and control design.
What you'll bring (must-have):
- Around 10 years of experience in information security risk, cybersecurity governance, or technology risk within asset management, private equity, banking or financial services.
- Proven track record building and operating security risk and control frameworks in a regulated financial services environment.
- Hands-on experience implementing regulatory frameworks such as DORA, NIS2, ISO 27001 or NIST, with solid understanding of cross-border regulatory dynamics.
- Demonstrated experience leading third-party vendor risk assessments, including outsourcing and critical supplier reviews.
- Solid background in incident response, from operational coordination through to governance reporting and lessons learned.
- Deep working knowledge of cybersecurity technologies, architectures and solutions, sufficient to advise and credibly challenge Technology teams.
- Strong communication skills with the ability to distil complex technical and risk topics into concise, impactful materials for senior and board-level audiences.
Requirements
- Relevant professional qualifications such as CISM, CRISC or CISSP.
- Experience working within an international team or matrix organisation.
- Familiarity with digital tools and workflow automation that enhance team efficiency and risk reporting.
- Exposure to data governance obligations and their intersection with information security risk.
- Prior experience contributing to board or senior governance committee reporting in a financial services context.
Additional Information
EQT is looking for an Associate Director, Information Security Risk to serve as the firm's subject matter expert on information security risk - translating complex cybersecurity and technology risk into clear governance frameworks and actionable business outcomes. This is a senior individual contributor role sitting within the CISO function, reporting directly to the CISO, and operating across a global, regulated financial services environment.