Head of Cybersecurity and IT Risk chez Dimensional

Notes to applicants:

• Dimensional sees great value from collaborating in our offices and appreciates the benefits of flexibility. Most roles fit our office-first hybrid approach: We are together on our campuses Tuesdays, Wednesdays, and Thursdays and have the choice to work in the office or remotely, depending on what is best for that work day, on Mondays and Fridays. This approach maximizes in-person collaboration and interaction while simultaneously providing flexibility and applies to most roles globally with a few exceptions that require more or less time in the office. Please discuss with your Recruiter to confirm the details for this specific role.

• Resumes and portfolios (when applicable) are required as part of your application. When applying from a mobile device or tablet, you may not be able to attach a resume. If you cannot include an attachment at the time of your application, you will receive a follow up email asking you to attach your resume from a computer.

• Here at Dimensional, we strive to be an inclusive workplace for all. Even if you do not match every qualification listed, if you are interested in who we are, what we do, and why we do it, we suggest and encourage you to apply.

• The use of Artificial Intelligence during interviews and skill testing is prohibited, unless Dimensional Fund Advisors has authorized such use.

• If you require reasonable accommodation in completing this application, interviewing, or otherwise participating in the employee selection process, such accommodation is available upon request.

Job Description:

The Technology Department at Dimensional leverages the rapidly evolving state of the art to engineer the platforms that power the innovative, research-driven financial and technical products to improve our client’s financial lives. 

As leader of the Cybersecurity and IT Risk teams, you will develop the next evolution of the Cybersecurity/Risk Program, including maturing operational capabilities, implementing new defensive strategies, building threat intelligence/management capabilities and driving down risk across the enterprise.

Responsibilities: 

• Assess, evolve and lead the Cybersecurity program to achieve appropriate levels of risk for the enterprise.

• Establish and drive a risk framework to identify areas of opportunity for further risk mitigation.

• Manage and grow a multidisciplinary team personally and professionally to meet enterprise and individual goals.

• Interface regularly with Executive Management and the Board of Directors to ensure alignment of our control portfolio and associated outcomes.

• Partner with peers in technology, legal, compliance and enterprise risk to ensure alignment of goals and outcomes.

• Ensure that we meet or exceed regulatory standards and commitments; stay informed of the ever-changing regulatory landscape. 

• Drive incident management capabilities through leadership and rigorous process.

• Measure everything.  Create visibility for executives and board members as well as operational teams.

• Report to boards, executives, and key stakeholders on our state of risk.

• Optimize operational capabilities to provide robust detection/prevention capabilities and produce actionable intelligence.

• Design/refine/implement a threat informed defense.  

Qualifications:  

• Bachelor’s degree in Computer Science, Information Systems/Technology, Cybersecurity, Risk Management, or a related field, or equivalent practical experience. Advanced degree a plus.

• 10+ years’ experience in building/managing enterprise cybersecurity/risk functions. 

• Proven track record of building and managing security subteams (engineering, operations, GRC, etc) effectively improving the security posture of an organization.

• Experience with organizational change management and a focus on managing user experience.

• Deep understanding of technology infrastructure and its role in enabling business operations.

• Experience interfacing and communicating with executives in the capacity of cybersecurity/risk responsibilities.

• Familiarity with financial/cybersecurity regulatory frameworks and responsibilities.

• Experience leading enterprise scale projects, processes/initiatives.

Preferred Competencies: 

• Certifications in one or more of the following preferred: CISSP, GSLC, GSOM, GISP, GCIL, OSCP, GSE

• Experience with international regulatory data protection and privacy standards (GDPR, DORA, etc). 

• Experience in incident management and reporting.

• Experience in the financial services industry, particularly familiarity with relevant regulatory requirements

#LI - Hybrid

Dimensional offers a variety of programs to help take care of you, your family, and your career, including comprehensive benefits, educational initiatives, and special celebrations of our history, culture, and growth.

It is the policy of the Company to provide equal opportunity for all employees and applicants.  The Company recruits, hires, trains, promotes, compensates, and administers all personnel actions without regard to actual or perceived race, color, religion, religious practice, creed, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), caregiver status, gender, gender identity, gender expression, transgender identity, national origin, age, mental or physical disability, ancestry, medical condition, marital status, familial status, domestic partnership status, military or veteran status or service, unemployment status, citizenship status or alienage, sexual orientation, status as a victim of domestic violence, status as a victim of stalking, status as a victim of sex offenses, genetic information, political activities or recreational activities, arrest or conviction record, salary history, natural hairstyle or any other status protected by applicable law except as otherwise required or permitted by law or regulation applicable to the Company or its affiliates.