Director, Data Protection

s
Company: Cambridge Associates LLC
Location: Arlington, VA 22201

Apply

Company and Department Overview:

Cambridge Associates is a leading global investment firm. We work with endowments, foundations, health care organizations, pension plans, and private clients around the world to build investment portfolios that help them meet their objectives within a set of risk parameters unique to each organization. We offer a variety of services to provide portfolio management services that complement the institution’s own resources. Committed to independence since our founding more than 40 years ago, we are motivated only by what is best for our clients.

Our clients trust the experience, leadership, and integrity of our investment professionals. With more than 1,200 employees in ten locations around the globe, this extensive network helps us to identify and access the best global investment opportunities all over the world for our clients’ portfolios.

CA maintains an information security program which sets the policies for accessing, collecting, storing, using, transmitting and protecting electronic, paper and other records. The purpose of this program is to establish administrative, technical, and physical safeguards to protect information that is owned, licensed, stored or maintained by CA. The Chief Information Security Officer (CISO) oversees the program with the support of a dedicated team of information security professionals.

Description:

  • Responsible for overseeing the development and execution of the corporate data protection program. This program is focused on nuts-and-bolts implementation of technical solutions for protecting data in addition to business process re-engineering and policy work.

  • Understand and document key business processes in the back-, middle-, and front-office

  • Identify and remediate areas of security weakness and constructively engage stakeholders in the process of remediation

  • Responsible for supporting incident response, as needed, based on the corporate Computer Security Incident Response Plan (CSIRP)

  • Execute on project delivery and incorporate an understanding of standard business processes into the threat detection framework of the security operations teams

  • Act as an internal consultant on enterprise information security matters, including data privacy

  • Act as a liaison between Information Security, Legal, Risk and Sr. Management

  • Design, implement and manage innovative solutions to complex security and infrastructure environments

  • Apply an understanding of operating systems, network/system architecture, protocols, and enterprise services, and enterprise architecture design during day to day security activities

Required Qualifications:

Knowledge/Skills/Abilities:

  • Experience working in financial / asset management institutions and an understanding of back-office processes, particularly investment operations

  • Self-starters who are responsible, motivated, and able to work well in a collaborative environment

  • Previous management, budgeting, and project management experience

  • Successful track record and previous applicable experience

  • Excellent communication skills, including the ability to communicate effectively in both formal and information contexts, in a fashion tailored for the audience

  • Understanding of key management / frameworks, such as NIST CSF

  • Ability to handle significant amount of confidential information

  • A strong hands-on information security skills and experience

  • Affinity for writing and presenting; the ability to write formal documentation, reach agreement with others, and explain detailed documents to others as needed

  • Demonstrated ability to lead and motivate

  • Strong process analysis and problem-solving skills

  • Capacity to focus on details, while effectively managing ambiguity

  • Superior organization and follow-up skills

  • A bachelor’s degree in a related field preferred