Head of Cybersecurity Risk Management and Incident Response

St. Louis, MO / New York, NY


Position Summary

Focus Financial Partners is seeking a Head of Cybersecurity Risk Management and Incident Response. This person will be responsible for building and enhancing the firm-wide strategy and execution of the cybersecurity risk management program and mitigation efforts. This leadership role ensures the organization's digital assets, infrastructure, and data are protected against internal and external threats while aligning with business goals and regulatory requirements. This role can be based in New York, NY / St. Louis, MO / Remote.

Primary Responsibilities

  • Develop and lead the enterprise cybersecurity risk management framework, including risk assessments, controls, and reporting.
  • Identify, analyze, and assess cybersecurity threats, vulnerabilities, and risks across infrastructure, applications, and third-party vendors.
  • Partner and collaborate with IT, Legal, Compliance, and ERM teams to maintain a robust cyber risk posture.
  • Establish key risk indicators (KRIs), control standards, and risk mitigation plans; ensure timely remediation of findings.
  • Lead cyber risk governance initiatives, including executive and board-level reporting, risk registers, and audit support.
  • Evaluate and implement cyber risk tools and platforms for threat intelligence, risk scoring, and control tracking.
  • Establish and implement a vulnerability management program.
  • Oversee third-party risk assessments related to cybersecurity, including cloud providers, SaaS vendors, and managed services.
  • Stay informed on current and emerging cybersecurity threats, regulatory changes (e.g., NIST, ISO 27001, NYDFS, GDPR), and best practices.
  • Drive incident response readiness and response; conduct tabletop exercises focused on cyber risk impacts.
  • Build and lead a team of cyber risk professionals; foster a culture of risk awareness across the organization.

Qualifications

  • 10+ years of experience in cybersecurity, with at least 5 years in cyber risk management within a financial services setting (e.g., banking, asset management, fintech, insurance).
  • In-depth understanding of financial regulatory requirements impacting cybersecurity (e.g., NYDFS Part 500, GLBA, SOX, FFIEC, GDPR).
  • Proven track record of building and managing cyber risk programs in a regulated environment.
  • Familiarity with GRC platforms used in finance (e.g., Drata, Archer, OneTrust).
  • Exceptional communication skills with the ability to translate technical risk into business impact for executive and board-level audiences.
  • Relevant certifications such as CISSP, CRISC, CISM, or CISA strongly preferred.
  • Bachelor's or Master's degree in Information Security, Risk Management, Computer Science, or a related field.

About Focus Financial Partners

Focus is a leading partnership of fiduciary wealth management and related financial services firms. Focus provides access to best practices, greater resources, and continuity planning for its affiliated advisory firms, which serve individuals, families, employers, and institutions with comprehensive financial services. Focus firms and their clients benefit from the solutions, synergies, scale, economics, and best practices offered by Focus to achieve their business objectives. For more information about Focus, please visit www.focusfinancialpartners.com.

The annualized base pay range for this role is expected to be between $220,000-$230,000. Actual base pay could vary based on factors including but not limited to experience, subject matter expertise, geographic location where work will be performed, and the applicant's skill set. The base pay is just one component of the total compensation package for employees. Other rewards may include an annual cash bonus and a comprehensive benefits package.

Tags: Banking CISA CISM CISSP Cloud Compliance Computer Science CRISC FFIEC Finance FinTech GDPR GLBA Governance Incident response ISO 27001 NIST Risk assessment Risk management RMF SaaS SOX Strategy Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Salary bonus

Region: North America
Country: United States
