Vice President, Cybersecurity GRC

Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.

Job Description

We are seeking a highly motivated Cybersecurity Governance Risk and Compliance (GRC) professional who will be responsible for leading our Technology Risk Management Program. The successful candidate will oversee the identification, assessment, and mitigation of technology risks across the organization. Responsibilities include developing and implementing risk management strategies, ensuring adherence to technology risk policies and standards, and maintaining compliance with relevant regulations and frameworks.

This candidate must have excellent technical writing skills, strategic process development capabilities, and a deep understanding of various industry-standard technology risk management frameworks. They will be expected to collaborate with cross-functional teams, including Compliance, Enterprise Risk Management, Internal Audit, and Legal, to support and enhance our risk management initiatives. Strong verbal communication skills are essential, as the candidate will need to present risk management information to internal and external stakeholders effectively.

The candidate will be part of a talented team of Cybersecurity Professionals that demonstrate excellent technical competencies. This is an opportunity to support mission-critical Cybersecurity and Technology Risk Management efforts by ensuring we are proactively identifying gaps in our risk posture and proposing controls to address them. If you are a candidate looking to be a part of a dynamic team, that continuously challenges itself, is committed to learning and improving, and passionate about cybersecurity, then this could be the right opportunity for you!

Primary Functions & Responsibilities

• Develop and Lead Technology Risk Management Program ensuring alignment with organizational goals and industry best practices.

• Establish and manage a risk intake and identification process, conducting annual and ongoing risk assessments to identify, evaluate, and prioritize technology and cybersecurity risks.

• Develop and implement risk mitigation strategies and action plans to address identified risks, ensuring timely remediation and continuous improvement.

• Oversee the cybersecurity aspects of third-party risk management, including vendor assessments, contract reviews, and ongoing monitoring of third-party risks.

• Collaborate with various teams to integrate risk management practices across the organization.

• Create and deliver comprehensive risk reports and presentations to senior management, providing visibility into the risk landscape and the effectiveness of risk management efforts.

Qualifications

Education:

• Bachelor’s degree in Cybersecurity, Engineering, Information Security, Information Technology, Computer Science or other related disciplines.

Experience Required:  

• 10+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector.

General Requirements:

• Fundamental understanding and familiarity with global cybersecurity regulatory requirements, and security frameworks (ex. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), International Organization for Standardization (ISO)27001, American Institute of Certified Public Accountants (AICPA) Trust Services Criteria), General Data Protection Regulation (GDPR).

• Extensive experience with risk management frameworks such as COSO ERM, ISO 31000, and FAIR, and the ability to apply these frameworks to identify, assess, and mitigate technology and cybersecurity risks.

• Proven ability to quantify and analyze technology and cybersecurity risks using qualitative and quantitative methods, and to develop risk metrics and dashboards for effective risk monitoring and reporting.

• Strong technical writing skills for policy, standard, and procedure writing/editing.

• Strong strategic process development skills with a tendency toward automation.

• Proven experience conducting cybersecurity risk assessments and compliance audits.

• Familiarity with security controls implementation, monitoring, and improvement.

• Excellent communication skills to collaborate with cross-functional teams and stakeholders.

• Experience using data visualization tools to develop reports.

• Ability to build automated workflows using tracking software such as JIRA.

Reporting Relationships

Vice President, Cybersecurity Governance and Compliance

Compensation

The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.

$245,000 - $275,000

The firm also offers robust Benefits offerings. Ares U.S. Core Benefits include Comprehensive Medical/Rx, Dental and Vision plans; 401(k) program with company match; Flexible Savings Accounts (FSA); Healthcare Savings Accounts (HSA) with company contribution; Basic and Voluntary Life Insurance; Long-Term Disability (LTD) and Short-Term Disability (STD) insurance; Employee Assistance Program (EAP), and Commuter Benefits plan for parking and transit.

Ares offers a number of additional benefits including access to a world-class medical advisory team, a mental health app that includes coaching, therapy and psychiatry, a mindfulness and wellbeing app, financial wellness benefit that includes access to a financial advisor, new parent leave, reproductive and adoption assistance, emergency backup care, matching gift program, education sponsorship program, and much more.

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.