Associate Director, Information Security Risk Management
Location
Chicago, IL; New York, NY; London, UK; Hong Kong; Remote
About Breakwater Solutions
Breakwater helps mitigate risk and gain insight from sprawling information by combining technology automation and human expertise. Our expert consulting, software, and managed services address the challenges within information governance, disputes and investigations, regulatory compliance, privacy, and cybersecurity. Breakwater launched in 2020 with technology from IBM and private equity funding from JLL Partners. We are a global hyper-growth company. It is an exciting time to join us!
Job Summary
An Associate Director of Information Security Risk Management: Provides deep cybersecurity expertise and knowledge to fulfill client demands for information security risk management, and complements a variety of ad-hoc, interim, and fractional information security officer (CISO) roles globally. Leads in the assessment, design, development, and implementation of technology-enabled solutions. Provides management-level guidance on all areas of cybersecurity and cyber risk management to clients across a wide array of industries, geographies, and organizational structures. Acts as the client’s advocate for cybersecurity risk management and provides strategic and technical leadership in this area. Cultivates and maintains client relationships. Inspires thought leadership throughout the profession and mentors fellow team members across Breakwater’s global footprint.
You will partner with Breakwater consulting leadership to develop and deliver expert-level cybersecurity and risk management service offerings for clients. Conduct and review security program risk assessments based on cybersecurity frameworks, regulations, and industry best practices. Assist clients in aligning their security programs with key business priorities. Develop and manage client cybersecurity risk management strategies, frameworks, methodologies, and approaches.
You will collaborate with our clients’ key stakeholders including CCOs, CROs, CLOs, CIOs and CISOs. Prepare draft proposals and/or engagement letters for providing services in accordance with established standards and confer with leadership for input and approval of planned engagements. Define/mature, document, and publish information security policies, standards, and procedures. Present and shepherd new policy frameworks through the client’s security governance process. Partner with the client’s Technology, Architecture, and Engineering teams as needed to identify and assist in the deployment of required controls and risk mitigation plans.
You will identify appropriate toolsets and services to be implemented by the client to identify, prevent, detect, and respond to potential threats with corresponding communication and action plans. Direct client responses to actualized cybersecurity events. Participate in or lead investigations after breaches or incidents and perform root cause analysis to identify missing or defective controls that are needed to avoid subsequent, similar events.
And you will maintain your tradecraft by attending professional meetings and conferences, reading publications, and attending formal and informal training as needed. Where possible, you will engage in community and professional activities to maintain professional relationships and for exposure to clients and potential clients.
Skills + Qualifications
- 8+ years (minimum) of demonstrated work experience in designing and implementing various components of an organization’s cybersecurity program. Experience in global, complex, highly regulated organizations a plus
- Excellent working knowledge of applicable cyber laws and regulations (e.g., HIPAA/HITRUST, GLBA, CCPA, GDPR, CMMC, FISMA, FFIEC) and industry standards (e.g., PCI, SWIFT, NIST, ISO, CIS)
- Technical proficiency in a wide range of cyber risk management services, including architectural design, source code development and review, penetration testing and vulnerability/risk assessments
- Experience with architecting security for, and assessing security controls of, public cloud platforms (e.g., AWS, GCP, ACP) a plus
- One or more cybersecurity industry certifications (e.g., CISSP and CISM, CISA, C|CISO) and/or technical certifications (e.g., GIAC, OSCP, AWS CSA Pro, Azure SAE, or CEH) required
- Experience in building transparent, collaborative relationships with internal and external stakeholders, including auditors and regulators
- Excellent written and verbal communication skills; experience in public speaking and/or thought leadership development a plus
- Ability to multi-task, prioritize, and manage time effectively
- Bachelor’s degree required; advanced degree such as MS, MBA, or JD a plus
- Ability to travel globally as needed to meet business demands
Perks + Benefits
- Compensation – we offer market competitive salaries
- Generous Time Off – we provide competitive time off for you to enjoy life, rest, and recharge
- Health Benefits – we offer a variety of medical, dental, and vision plan options to best fit your needs
- Life + Disability Insurance – we provide plans to ensure you are supported in the most critical life events
- Perks + Programs – access to Retirement/Pension, Employee Assistance Program, Financial Health Advocacy Services, Legal Insurance, employee discounts, and more!
How to Apply
Please send your resume to email@example.com.
Equal Employment Opportunity Statement
Breakwater is proud to be an equal opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals and in which all people processes are merit-based and applied without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship, or other protected characteristic under federal, state or local law.
Unsolicited Resumes Not Accepted
Please note that as per our policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person, or entity that submits an unsolicited resume does so with the understanding that Breakwater will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person, or entity.