The Investment Company Institute (ICI) is the leading association representing regulated investment funds, including mutual funds, exchange-traded funds (ETFs), closed-end funds, and unit investment trusts (UITs) in the United States, and UCITS and similar funds offered to investors in Europe, Asia, and other jurisdictions. ICI also represents its members on issues involving the capital markets, separately managed accounts (SMAs) and collective investment trusts (CITs). ICI’s mission is to strengthen the foundation of the asset management industry for the ultimate benefit of the long-term individual investor. 

The Senior Director, Information Security helps guide ICI’s global advocacy and thought leadership in information security policy matters; supports ICI’s global membership as members develop and maintains robust, effective information and cybersecurity practices and programs. Provides strategic leadership and expertise in developing and implementing internal information security and cybersecurity policies, procedures, and controls to ensure the confidentiality, integrity, and availability of ICI resources. Develops and helps implement information security strategies including vulnerability assessments, penetration testing, and cybersecurity awareness and training.

Essential functions of this role include:

Member/External-focus (estimated 75% of responsibilities)

• Coordinate and facilitate the ICI Chief Information Security Officer (CISO) Committee in the U.S. and ICI Global Information Security Committees for London and Tokyo in support of and in concert with ICI members.
• Develop collaborative, trusted relationships with member CISOs to facilitate information sharing of sensitive information and partnership on value-added, member-focused initiatives.
• Act as the primary information security resource for member-related public-facing activities, including engagement with government, press, ICI Board of Governors, and membership.
• Seek opportunities to expand sharing of ICI’s thought leadership on information security matters through conference participation, speaking engagements, press availability, and publications, as appropriate.
• Serve as named representative responsible for various industry partnerships where ICI has or develops a presence, including but not limited to CISA, FS/ISAC, NCFTA, FSSCC, and TINYg.
• Cultivate and deepen relationships with national law enforcement agencies in the U.S. (i.e., FBI) and internationally (e.g., National Crime Agency, U.K.; National Police Agency Cyber Division – Japan Cyber Crime Control Center, Japan)
• Administer the annual ICI Cybersecurity Survey to members and the IOSCO AMCC Global Cybersecurity Survey to global trade associations, including survey development, analysis, reporting, and ad-hoc presentation to participating members and trade associations.
• Manage and grow participation in the member-oriented, ICI-sponsored Threat Intelligence Platform among members’ information security professionals.
• Collaborate with ICI peers as part of the organization’s overall support of members’ and internal technology, information security, and data management needs.

Internal-focus, CISO program, (estimated 25% of time or as required to respond to events) 

• Work with leadership to maintain and evolve a comprehensive internal cybersecurity strategy aligned with, financial services industry best practices, and business objectives.
• Implement, enforce, and assess the effectiveness of security policies, standards, and procedures to protect sensitive financial data and information systems and remediate any identified gaps.
• Monitor security controls, including but not limited to encryption, data loss prevention, and identity and access management. Report on key security metrics and performance indicators to measure effectiveness.
• Oversee security incident response (SIRT) and resolution processes, including incident detection, analysis, containment, and recovery.
• Collaborate with internal stakeholders and external partners to assess and address security risks associated with third-party vendors and service providers.
• Stay current on emerging threats, technologies, and, in conjunction with the Law Department, regulatory developments in the financial services industry and provide guidance and recommendations to executive leadership.
• Support Internal Audit, external auditors, and outside consultants as appropriate on required security assessments and audits.
• Work with CIO to design security awareness and training programs to educate employees on cybersecurity best practices and promote a culture of security awareness.

If you have the following credentials, we encourage you to apply:

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or related field; advanced degree preferred.
• Proven experience (15 years) working in information or cybersecurity, with a consistent record of achievement. 
• Knowledge of cybersecurity principles, practices, technologies, and standards, such as ISO 27000 series, NIST Cybersecurity Framework, FedRAMP and GDPR.
• Solid understanding of risk management, compliance requirements, and regulatory frameworks relevant to the asset management industry.
• Excellent communication skills, with the ability to effectively convey complex technical concepts to non-technical stakeholders, orally and in writing.
• Strong leadership and interpersonal skills.
• Relevant industry certifications such as CISSP, CISM, or CISA are highly desirable. US government security clearance a definite plus.

ICI offers a competitive compensation and benefits package to include a comprehensive medical plan, generous 401(k) retirement savings plan, paid leave, commuting subsidies, and tuition reimbursement as well as training and development opportunities. Based in Washington, DC, ICI is conveniently located next to McPherson Square Metro station. This is a hybrid position with three days in the office and two working from home.

ICI is an Equal Opportunity Employer that values diversity and inclusion in the workplace.