Total Compensation is targeted at $275K - $350K, to be determined based on the candidate's credentials, experience, and potential value to the department / firm.
Information Security Director
Position Overview:
Our client is a leading, privately held U.S.-based alternative investment firm with a 20+ year track record and a multi-billion-dollar asset base. The firm serves a global institutional investor base from its Los Angeles headquarters through a scaled and integrated investment platform spanning public and private credit strategies, including corporate credit, private credit, liquid credit, asset-backed finance, and opportunistic investments.
As the firm continues to scale, it is seeking a senior information security leader to own and advance its information security program. This role is responsible for protecting the firm’s systems, data, and intellectual property while ensuring the organization meets its regulatory and governance obligations in an increasingly complex threat environment.
The Director of Information Security will define the firm’s security direction, oversee day-to-day security operations, and provide clear, practical guidance to executive leadership and governance bodies. This individual will balance long-term planning with hands-on oversight to ensure security controls are effective, scalable, and aligned with how the business operates.
The role requires sound judgment, strong leadership, and the ability to communicate risk in business terms. Working closely with technology, legal, compliance, and business teams, the Director will embed security into core processes, support continued growth, and strengthen the firm’s overall resilience. This leader will ultimately be accountable for maintaining trust with clients, partners, regulators, and internal stakeholders through disciplined and well-executed security practices.
Responsibilities will include (but not be limited to):
Information Security Program Leadership
- Own and lead the firm’s enterprise information security program, including cybersecurity operations, identity and access management, risk assessment, incident response, and security awareness.
- Develop, maintain, and enforce information security policies, standards, and procedures in alignment with applicable legal, regulatory, and industry requirements.
- Define and manage a comprehensive security strategy covering network security, endpoint protection, data loss prevention, threat intelligence, monitoring, and incident management.
- Prepare and manage information security budgets and forecasts, ensuring disciplined and strategic allocation of resources.
- Stay current on evolving security threats, technologies, and best practices to continuously strengthen the firm’s security posture.
Risk Management, Governance & Compliance
- Establish and oversee the firm’s security risk management framework, including audits, vulnerability assessments, penetration testing, and remediation tracking.
- Partner closely with legal and compliance teams to support regulatory requirements, data privacy obligations, and security governance documentation.
- Prepare and deliver regular reporting to executive leadership and governance committees on security posture, risks, incidents, and strategic recommendations.
- Develop and maintain core security documentation, including the Information Security Program, Incident Response Plan, and related policies and procedures.
Security Operations & Incident Response
- Oversee security monitoring, alerting, and incident management activities, ensuring timely investigation, response, and documentation of security events.
- Lead incident response efforts to minimize business impact and drive effective remediation.
- Partner with IT leadership to ensure secure architecture, system hardening, patching practices, and the secure deployment of new technologies.
- Coordinate ongoing security testing and resilience activities, including disaster recovery and business continuity exercises.
Third-Party Risk, Team Leadership & Enablement
- Design and manage the firm’s third-party and vendor security risk management program, including due diligence, assessments, and ongoing oversight.
- Serve as the primary point of contact for managed security service providers and security vendors.
- Build, mentor, and develop a high-performing information security team, fostering accountability, collaboration, and professional growth.
- Lead firmwide security training and awareness initiatives, including onboarding education, phishing simulations, and ongoing communications.
- Collaborate with HR and business leaders to support access governance, onboarding and offboarding processes, and employee security controls.
- Communicate significant security developments, emerging risks, and best practices across the organization on an ongoing basis.
Qualifications:
- Minimum of 10 years of experience in information security, IT risk management, or a related field, including at least 5 years in a leadership capacity.
- Bachelor’s or Master’s degree in Information Security, Computer Science, Information Systems, or a related discipline.
- Professional certifications such as CISSP, CISM, CISA, or equivalent credentials.
- Demonstrated success designing, implementing, and operating an enterprise information security program within a complex, regulated environment.
- Strong understanding of cybersecurity risks across modern enterprise technologies and proven ability to manage and mitigate those risks.
- Deep familiarity with regulatory frameworks, audits, risk assessments, and governance requirements, with a strong preference for experience in the financial services and investment management sector.
- Experience presenting security posture, risk assessments, and incident reporting to executive leadership, governance committees, boards, and external stakeholders.
- Demonstrated capability in incident response planning, business continuity and disaster recovery, access control reviews, and vendor and third-party risk management.
- Proven ability to collaborate across technology, legal, compliance, and business teams, build consensus, and drive initiatives in complex organizations.
- Experience developing and delivering effective security training and awareness programs.
- Strong leadership, communication, and presentation skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
- Excellent organizational skills, with the ability to manage multiple initiatives, maintain rigorous documentation, and engage effectively with internal teams and external partners.