Director, Information Security Risk Management
Location
Chicago, IL; New York, NY; London, UK; Hong Kong; Remote
About Breakwater Solutions
Breakwater helps mitigate risk and gain insight from sprawling information by combining technology automation and human expertise. Our expert consulting, software, and managed services address the challenges within information governance, disputes and investigations, regulatory compliance, privacy, and cybersecurity. Breakwater launched in 2020 with technology from IBM and private equity funding from JLL Partners. We are a global hyper-growth company. It is an exciting time to join us!
Job Summary
The Director, Information Security Risk Management will fulfill client demands for an ad-hoc, interim, or fractional information security officer (CISO). Provide executive-level guidance on all areas of cybersecurity and cyber risk management to clients across a wide array of industries, geographies, and organizational structures. Act as the client’s advocate for cybersecurity risk management and provide strategic and technical leadership in this area. Cultivate and maintain client relationships and source new opportunities through business development efforts, cross-practice introductions, external networking, and thought leadership. Develop and mentor team members.
You will partner with Breakwater consulting leadership to develop and deliver expert-level cybersecurity and risk management service offerings for clients. Conduct and review security program risk assessments based on cybersecurity frameworks, regulations, and industry best practices. Assist clients in directing their information security strategy and align security programs with client business priorities. Advise senior leadership and Boards of Directors on cybersecurity risk and advocate for the management of that risk. Forecast and develop a budget, as required, for cyber-related functions in collaboration with senior leadership.
Collaborate with our clients’ key stakeholders to understand cyber risks to critical business functions and data, and identify enterprise cyber risk tolerances against which the information security program will be built and measured. Create, enhance, review, and approve security policies, standards, controls, and processes as warranted by each client engagement. Identify risks and create actionable plans to protect the business, and schedule periodic security audits to validate control effectiveness.
Identify appropriate toolsets and services to be implemented to identify, prevent, detect, and respond to potential threats with corresponding communication and action plans. Direct client responses to actualized cybersecurity events. Direct investigations after breaches or incidents and perform root cause analysis to identify missing or defective controls needed to avoid subsequent, similar events. Evaluate, manage, and adjust security personnel and staffing levels to ensure proper knowledge of the ever-changing industry landscape to defend against threats.
Skills + Qualifications
- 12+ years of relevant consulting and / or industry experience.
- Demonstrated experience and success in designing and implementing an organization’s cybersecurity program; verifiable industry experience as CISO or equivalent role. Experience in a global, complex, highly regulated firm a plus.
- Practical experience in both the first and second lines of defense. Experience in third line a plus.
- Expert-level knowledge of applicable laws and regulations (e.g., HIPAA/HITRUST, GLBA, CCPA, GDPR, CMMC, FISMA, FFIEC) and industry standards (e.g., PCI, SWIFT, NIST, ISO, CIS) as they relate to privacy, security, and compliance.
- Technical proficiency in a wide range of cyber risk management services, including penetration testing, vulnerability assessments, and cybersecurity framework assessments, among others.
- Excellent client management skills including understanding of clients’ needs and desired outcomes in cybersecurity and risk management engagements.
- Experience in building transparent and collaborative relationships.
- Excellent written and verbal communication skills; experience in public speaking and/or thought leadership development a plus.
- Strong attention to detail and ability to document findings and effectively convey information to audiences at all levels within an organization.
- Cybersecurity industry certifications such as CISSP and CISM, CISA, C|CISO a plus.
- Technical certifications such as GIAC, OSCP, or CEH valued but not required.
- Bachelor’s degree required; advanced degree such as MS, MBA, or JD a plus.
- Ability to travel globally as needed to meet business demands.
Perks + Benefits
- Compensation – we offer market competitive salaries
- Generous Time Off – we provide competitive time off for you to enjoy life, rest, and recharge
- Health Benefits – we offer a variety of medical, dental, and vision plan options to best fit your needs
- Life + Disability Insurance – we provide plans to ensure you are supported in the most critical life events
- Perks + Programs – access to Retirement/Pension, Employee Assistance Program, Financial Health Advocacy Services, Legal Insurance, employee discounts, and more!
How to Apply
Please send your resume to firstname.lastname@example.org.
Equal Employment Opportunity Statement
Breakwater is proud to be an equal opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals and in which all people processes are merit-based and applied without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship, or other protected characteristic under federal, state or local law.
Unsolicited Resumes Not Accepted
Please note that as per our policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person, or entity that submits an unsolicited resume does so with the understanding that Breakwater will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person, or entity.