Associate Director (Cybersecurity)

About the role

Position Information Hiring Manager: Senior Director Department: Technology Solutions Department Overview The Technology Solutions ("TS") Department is responsible for designing and delivering state of the art technology solutions that are designed to create efficiency, mitigate risk and grow revenue for the Firm. Technology Solutions is also responsible for defining, managing and executing a robust Cyber Security program following the NIST Cyber Security Framework. Technology Solutions focuses on technical excellence through innovative application designs, robust data integration and analytics, high availability infrastructure and gold level service for our key stakeholders with information security embedded throughout. Critical functions within Technology Solutions include Project Management, Vendor Management, Business Analysis, Enterprise Data Governance and Stewardship, Application Development and 3rd Party Integration, Strategic and Secure Infrastructure and Operations. The Technology Solutions Department collaborates closely with Firm leadership and business unit heads to develop plans in line with business objectives. Position Responsibilities TS seeks a candidate with a strong security mindset, deep passion for cyber and information security and a proven record of driving security improvements in enterprise environments. In addition to managing staff, this role will focus on planning, designing and executing security-related projects, processes and procedures in a Microsoft-oriented environment with an emphasis on technical competency in the areas managed. Focus areas for this position will include operating system and cloud platform security architecture and threat modeling of both applications and IT infrastructure. The individual will serve as the Firm's cyber defense lead during major security incidents by activating the Firm's CSIRT, coordinating cross functional response teams and providing clear, timely communication with technology leadership and key stakeholders throughout the lifecycle of an incident. Responsibilities include: Continuously monitoring and analyzing the global cybersecurity threat landscape including active threat actors, attack techniques and emerging vulnerabilities, and translating that intelligence into actionable guidance, priority defensive actions and incident readiness for the Firm Owning the continuous improvement of the Firm's cybersecurity control environment by identifying control gaps driven by emerging threats, designing defensive enhancements and leading the implementation of new or improved technical, procedural and detective controls across infrastructure, applications and cloud platforms Establishing and leading an enterprise threat modeling and risk assessment program that proactively identifies how adversaries could exploit applications, infrastructure and third-party integrations and embeds those assessments into application design reviews, architecture decisions and major technology implementations Managing and mentoring other Cybersecurity Team members Leading multiple simultaneous cybersecurity projects Engaging with vendors on support issues and performing regular product and business reviews Providing Level 3 problem management and troubleshooting Providing documentation on security processes and best practices to be followed by the Service Desk Team Meeting deadlines and collaborating with internal and external TS Teams Candidate Requirements Qualifications & Experience: Bachelor's degree required CISSP, CISM, SSCP, Microsoft SC-100 or SC-900 are a plus 15+ years of experience supporting information security, executing security-related projects and applying security best practices in a medium-to-large sized organization Staff management (previous management experience required) Demonstrated prior experience planning and executing the security components of a Microsoft-centric technology organization 3+ years of threat modeling and assessment work on applications and IT infrastructure Experience with the Microsoft Defender XDR suite and the Zscaler network security suite Windows Operating System security Entra ID and Active Directory security Microsoft Azure cloud security Familiarity with DevOps and Application Development security Deep technical understanding of how security products work and how to make them work better Business acumen to understand the impact IT security and technology has on business outcomes Enthusiastic about working in office and creating a Gold Standard hybrid work culture Critical Competencies for Success Our Gold Standards Model defines key behaviors and competencies across 4 dimensions: Leadership, Achieving Results, Personal Effectiveness and Thinking Critically. These behaviors and competencies drive our ability to win together. Leadership: Role models in this area consistently focus on the right goals and priorities and continually develop themselves and others. Always team players, they influence and engage with