Head of Cyber Security at Ariel Investments

About the job

Ariel Investments is a premier, boutique, asset management firm. Our primary goal is to drive exceptional investment returns by bringing diverse perspectives together. The only way to beat a benchmark is to not look like one. As value investors, our thinking is deliberate and unconventional. We offer an independent, patient investing approach and aim to deliver excellence in any environment. We uphold our fiduciary responsibility to every shareholder, no matter how big or small.

At Ariel, we strongly believe that teamwork yields results—which is why we have Co-CEOs John W. Rogers, Jr and Mellody Hobson share a desire to cultivate leaders who are curious, focused and disciplined. We are nimble and efficient. Our drive is fanatical and intentional. Everyone plays their position, and each contribution is critical to our firm’s success. We seek subject matter experts who are unapologetically themselves. We encourage our employees to reach their full potential and we give them the runway to do so.

After four decades of active investing, we remain committed to our clients, our teammates and our community. We strive to be best-in-class investors and pioneer a path for those who entrust us with their financial future.

Position Summary:

Ariel Investments is looking for an experienced and hands on Head of Cyber Security.  Reporting to the CTO, this role will build our cyber and information security architecture by defining, designing, and implementing a modern, flexible, and scalable platform that enables the continued transformation of our business.   They will oversee all aspects of our security architecture as well as our cyber, information, and data security programs.  The Head of Cyber Security will need to be extremely agile to keep Ariel ahead of an ever-changing threat landscape, while still being a player and coach while building out our cyber capabilities. 

Responsibilities:

• Work with the CTO to design and implement a comprehensive enterprise-wide cybersecurity strategy to protect the company's entire portfolio of public cloud, private cloud, SaaS, and internally developed systems. 
• Lead the design, implementation, and management of security controls, including firewalls, intrusion detection systems, encryption, and access controls.
• Identify and assess technical security control risks and recommend risk mitigation strategies, working with stakeholders to ensure the organization's risk profile is managed effectively. 

• Establish and manage a Security Operations technical architecture to provide 24x7x365 continuous monitoring and investigation of correlated security event feeds and the appropriate triage and escalation in case of an identified security events. 
• Hands on experience in security systems, including vulnerability management, identity and access management, security risk assessments, application testing, etc 
• Provide guidance on systems hardening for cyber resilience of all cloud hosted platforms and other SaaS solutions (AWS, Azure, GCP.)
• Lead audits and assessments to evaluate the effectiveness of cybersecurity controls and ensure compliance with internal and external requirements.
• Working with the CTO other cyber vendors to identify new threats, attack methods, and techniques to then execute protection/response plans as required.
• Subject matter expert in Microsoft security stack along with exposure to best in class vended solutions for SIEM, SOC, penetration testing, internal/external thread management, etc.

Qualifications:

• Bachelors, or advanced degree in computers science with 10+ years’ experience in a fast paced, highly regulated, financial services industry. 
• Professional certifications in cybersecurity, such as CISSP, CISM, CISA, or suitable CISCO certifications a must.
• 10+ years of progressive experience in driving enterprise-wide cybersecurity architecture, design, and strategy.
• Significant experience across intrusion detection and mitigation, cyber network Defense, Network Traffic Analysis, operating system security, forensics, incident response, cyber threat hunting or modeling.   
• Proven people leader and culture carrier who can manage a small internal team along with a portfolio of external vendors. 
• Excellent communication skills — providing verbal and written communication that is clear and concise to senior management, key stakeholders, and the Tech organization.