AddressWho We Are:
As a leading global investment management firm, AB fosters diverse perspectives and embraces innovation to help our clients navigate the uncertainty of capital markets. Through high-quality research and diversified investment services, we serve institutions, individuals, and private wealth clients in major markets worldwide. Our ambition is simple: to be our clients’ most valued asset-management partner.
With over 4,400 employees across 51 locations in 25 countries, our people are our advantage. We foster a culture of intellectual curiosity and collaboration to create an environment where everyone can thrive and do their best work. Whether you're producing thought-provoking research, identifying compelling investment opportunities, infusing new technologies into our business, or providing thoughtful advice to clients, we’re looking for unique voices to help lead us forward. If you’re ready to challenge your limits and build your future, join us.
Who You'll Work With:
We are seeking a Nashville based Director of Information Security Risk and Operations to join our Infrastructure Risk Management team in Global Technology & Operations reporting directly to the Chief Information Security Officer.
Team/Group Description
The Infrastructure Risk Management (IRM) is a department within Global Technology and Operations (GTO) that operates an enterprise-wide integrated infrastructure risk management program which employs a holistic approach to manage cybersecurity, Information Security, data privacy, physical security and business continuity led by the Chief Security Officer.
What You'll Do:
The Director of Information Security Risk and Operations is a key enterprise role, reporting directly to the Chief Information Security Officer, for AllianceBernstein helping advance the overall cybersecurity program for the firm, responsible for identifying, evaluating and reporting on Information Security Risks, overseeing cyber operations, threat & vulnerability management, and 3rd party security evaluations. The position will have direct reports.
Applications and business or enterprise functions the role supports
The Director of Information Security Risk and Operations will work with corporate IT, infrastructure services, identity access operations, business continuity management, data privacy and other business units.
Key job responsibilities include, but are not limited to
Oversee the company’s Threat & Vulnerability, Cyber Security Operations, Threat Hunting, Incident Response and Infrastructure Risk functions.
Manage the organizations 3rd party cyber risk exposer by overseeing 3rd party vendor security assessment function.
Lead security experts and manage technology to support a secure infrastructure; lead strategic security planning with technology and risk management teams and users across the company.
Coordinate use of external resources involved in the Information Security program including, but not limited to, interviewing, negotiating contracts and fees, and resource allocation.
Ensure the completion of annual Information Security Risk assessments.
Implement a process for regularly validating security requirements for internally developed applications.
Coordinate Information Security projects with staff from the technology organization and business unit teams. Ensure the execution and review of internal and external network and systems vulnerability assessments, pen tests and Red Team assessments.
Provide security guidance for IT projects, including evaluation and adjustment of technical controls.
Support business functions with client due diligence questionnaire responses and attend client due-diligence reviews as needed.
Support external and internal audit assessment activities.
Develop, track, and report threat intelligence metrics and KPIs (Key Performance Indicators) to senior leadership.
Lead incident management and defense coordination against emerging cyber threats and critical vulnerabilities
Evaluate any new security services, software and technology for the functional areas of responsibility.
Ensure timely renewals of service contracts for areas of responsibility.
Maintain expertise in the area of Information and Cyber Security, including industry trends, strategies, new vulnerabilities and threats to ensure the company’s assets are effectively and appropriately secured.
Develop and maintain relationships with key stakeholders, including IT teams, business units, and external partners.
Monitor and analyze cyber security threats and trends and develop strategies to enhance the services mitigating risks.
Keep abreast of and help ensure compliance with regulatory requirements and industry standards related to cyber security.
Contribute to Information Security policies and procedures updates as needed.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and in compliance with policies, operational and regulatory requirements.
Promote industry best practices for incident response, cybersecurity analysis, vulnerability management and SOC operational services.
Promote and drive implementation of automation and process efficiencies.
Have fun and enjoy your work.
What makes this role unique or interesting (if applicable)?
This is a role for someone that enjoys leading security teams, work across teams in an organization, roll up their sleeves to develop and maintain good processes, work with technology, has an analytical mind, and has a continues appetite to learn and adapt to an ever-changing cyber security threat landscape. In addition, shows pride in the journey as well as results and of course have fun in a global company.
Professional development value of this role (i.e., what learning and professional growth does the role offer the candidate?)
This role will provide the successful candidate future growth opportunities within IRM department and the broader GTO organization as their business acumen, tech skills and experience develop within AB’s technology and Operations areas.
What We Are Looking For:
Bachelor's degree in computer science, cyber security, information technology, or a related field
10+ years of experience in cyber security operations, with at least 3 to 5 years in a leadership role
Strong knowledge and practical skills in cyber security technologies, tools, and best practices
Experience managing a team of cyber security professionals
Experience with Information Security governance, Risk and compliance processes
Excellent communication and interpersonal skills, with the ability to build relationships with stakeholders at all levels of the organization
Strong analytical and problem-solving skills
Experience working in a regulated industry, such as Financial Services, is a plus
Relevant certifications, such as CISSP, CISM, or GIAC are preferred.
Excellent problem-solving and decision-making skills
Ability to communicate clearly to several levels of management (including executive management), across various business units in the organization
Excellent verbal and written communication skills
Ability to adapt communication to a wide range of technical, functional, and cultural backgrounds
Able to think and operate independently with limited guidance
Qualifications, Experience, Education
Excellent program management, prioritization, and organizational skills
Progressive leadership roles and relevant experience as a team lead in various Information and Cyber security disciplines supporting company Information Security departments.
Skills
Leading high-performance global teams
Demonstrated mastery of the lifecycle of cybersecurity threats, attack vectors, and methods of exploitation with an understanding of intrusion tactics, techniques, and procedures (TTPs)
Knowledge of and ability to apply various Intel Frameworks (e.g., Cyber Kill Chain, MITRE ATT&CK and D3FEND)
Technical understanding of core current cybersecurity technologies as well as emerging capabilities
Leadership experience creating, building, and maintaining strong teams, particularly in a cybersecurity environment.
Experience creating, collecting, and assembling metrics for reporting.
Experience working with SIEM platforms
Experience conducting risk assessments
Experience working with on-prem and Cloud technology security platforms and applications.
Special Knowledge (if applicable)
Experience with global security and privacy standards and regulations such as GDPR and CCPA is a plus
Degree in Information Security, IT, data analytics, risk or similar.
Any industry certifications, such as CISSP, CISM, OSCP, CCSP, CSSLP, GIAC or others within the Information Security field is a plus.
Experience with ISO/IEC 27001, NIST CSF standards
Global company experience.
AB does not discriminate against any employee or applicant for employment on the basis of race, color, religion, creed, ancestry, national origin, sex, age, disability, marital status, citizenship status, sexual orientation, gender identity, military or veteran status or any other basis that is prohibited by applicable law. AB’s policies, as well as practices, seek to ensure that employment opportunities are available to all employees and applicants, based solely on job-related criteria.
Nashville, Tennessee
