Apply on Employer Site

Fortress Investment Group · 23 hours ago

VP, Information Security Lead

New York, NY

Full-time

Hybrid

Mid, Senior Level

$160K/yr - $175K/yr

7+ years exp

Fortress Investment Group LLC is a leading, highly diversified global investment manager. They are seeking a Vice President, Information Security Lead to oversee the design, execution, and remediation of the firm’s cybersecurity framework, ensuring compliance with various regulatory standards and managing application-level risks.

FinanceFinancial ServicesHedge FundsVenture Capital

Growth Opportunities

Hiring Manager

Christen Zellinger

Responsibilities

Lead the implementation and maintenance of controls for DORA (Digital Operational Resilience Act), ensuring the firm meets European operational resilience standards

Serve as a subject matter expert for GDPR (General Data Protection Regulation) and CPRA (California Privacy Rights Act) compliance, managing data mapping, subject access requests, and privacy impact assessments

Execute the security vetting process for new vendors; perform periodic due diligence as needed

Conduct deep-dive application security risk assessments for proprietary applications and third-party software

Lead the Business Impact Analysis (BIA) process to identify critical business functions and define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)

Partner with Infrastructure teams to design, document, and test disaster recovery plans, ensuring high availability for trading and investment operations

Serve as a senior escalation point for security incidents, assisting in containment, eradication, and post-mortem analysis

Assist with managing and monitoring the performance of our security operations center. Respond to escalated alerts as needed

Develop security metrics and risk posture dashboards for senior leadership

Lead and implement various technology projects to improve the security posture of the firm

Qualification

Information SecurityDORA complianceGDPR complianceCISSPCISMCISABusiness Impact AnalysisApplication SecurityRisk AssessmentSoft Skills

Required

7–12 years of progressive experience in Information Security, preferably within Financial Services or Alternative Investment Management industries

Proven track record of implementing controls associated with DORA, NIST, and other various regulatory frameworks

Bachelor's degree in Computer Science, Cyber Security, Business Administration, or related field

Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor)

Excel as a self-motivated individual who can work on their own, as well as integrated with the infrastructure engineering and application development teams in joint projects

Evaluate situations and respond with solutions quickly in a high-paced and high-pressure environment

Build relationships with both IT and business personnel from all levels across the firm