AVP/Manager, Cybersecurity Governance, Risk and Compliance

Mumbai, India

Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.

Job Description

Reporting relationships

Reports to: Vice President, Cybersecurity Governance, Risk and Compliance

Primary functions & responsibilities
  • Support the execution of the Technology and Cyber Risk Management Program, including risk assessments, issue tracking, and remediation follow-up.
  • Assist in the review and analysis of IT vendor assurance artifacts (e.g., SOC reports, penetration test results) and maintain an up-to-date vendor inventory.
  • Coordinate with third-party vendors and internal stakeholder groups (e.g., Legal, Procurement, Compliance, IT) to review and assess the cybersecurity risk posture of third parties.
  • Facilitate cross-functional collaboration to ensure timely completion of vendor assessments and risk mitigation activities.
  • Contribute to the maturity of the IT Third-Party Risk Management program by identifying process improvement opportunities and supporting the development of internal playbooks and procedures.
  • Maintain and update GRC documentation, including risk registers, dashboards, and executive summaries.
  • Document work products in GRC systems (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
  • Support IT Risk & Audit activities, including the Quarterly Access Review (QAR), by working cross-functionally with IT Risk, Audit Support, and Internal Audit teams to ensure successful execution of the control across IT and business units.
  • Participate in governance meetings and provide regular updates on assigned workstreams and deliverables.
  • Communicate effectively with diverse audiences, including the ability to explain complex risk topics clearly and contribute to improving team communication practices.
  • Take initiative in identifying risks, proposing practical solutions, and following through on tasks with appropriate guidance.
  • Remain adaptable in a dynamic environment, working collaboratively across teams to simplify challenges and support program goals.
  • Build strong working relationships with internal and external stakeholders, supporting alignment and trust across business units.

Qualifications

Education:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

Experience Required:

  • 8–12 years of experience in Cybersecurity, IT Risk Management, GRC, or related fields, preferably in the financial services or technology sector.

General Requirements:

  • Strong knowledge and practical experience in IT Third-Party Risk Management, including vendor risk assessment methodologies, assurance artifact evaluation, and cross-functional coordination.
  • Familiarity with cybersecurity frameworks and standards such as NIST CSF, ISO 27001, AICPA Trust Services Criteria, and GDPR.
  • Experience with risk management methodologies (e.g., ISO 31000, COSO ERM).
  • Proficiency in GRC platforms (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
  • Proficiency in Microsoft Office tools (Word, Excel, PowerPoint, Outlook) for reporting, analysis, and communication.
  • Strong analytical, technical writing, and documentation skills.
  • Ability to work independently and collaboratively in a hybrid work environment.
  • Excellent interpersonal skills, with a demonstrated ability to influence, mentor, and collaborate across teams and geographies.

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.

Tags: Compliance Computer Science Confluence GDPR Governance ISO 27001 Jira NIST Risk assessment Risk management SOC

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
