Consultant - Chief Information Security Officer (Fractional/Contract Role)

Join our experienced roster of consultants that support Hedge Funds and Family Offices.

Arootah is a personal and professional development leader in the Investment and Financial Services industry.

Our mission is to provide top business advisory services to our hedge fund client base.

Our Business Advisory Services focuses on the multi-faceted needs of Hedge Funds and Family Offices.

Arootah was founded by Rich Bello, the Co-Founder and COO of the industry-leading $10 billion hedge fund, Blue Ridge Capital. Rich brings more than 30 years of experience, including leadership positions at Morgan Stanley, Tiger Management, and Ernst & Young.

Visit us athttps://arootah.com/hedge-fund-advisory/for more information.

WHO WE NEED:

Arootah is searching for experienced Chief Information Security Officers to consult to our highly prestigious client base. As a consultant, you will work with our Hedge Fund and Family Office clients to provide expert advice. Having previously served in the role of Chief Information Security Officer you have specific, hands-on experience building, maintaining, and operating the full Cybersecurity Program for a leading Hedge Fund or Family Office.

• Provide advice and guidance to Arootah clients who seek help with their Cybersecurity needs. This will involve consulting to some of the leading Hedge Funds and Family Offices in the world and sharing your experience as a Chief Information Security Officer in helping clients to:
• Develop realistic and effective monthly action plans.
• Identify internal and contextual roadblocks.
• Break apart goals into actionable steps.
• Devise a plan of action for each goal.
• Provide the client with resources associated with implementing their action plan.
• Implement policies, procedures, and control measures.
• Review, analyze and report on client tools and resources to ensure industry best practices.
• Evaluate each client’s advancement toward goal actualization through key performance indicators (KPIs) and scoring matrices.
• Maintain and share detailed and accurate records of consulting results (challenges, breakthroughs, etc.).

• Develop, implement, and monitor a strategic, comprehensive enterprise and application IT cybersecurity program.
• Drive security standards across the organization, including information security policies, procedures, and guidelines.
• Create and maintain a security awareness training program.
• Analyze and test systems and processes to understand vulnerabilities to cyber threats.
• Partner with security experts and outside vendors to ensure all technology platforms meet all security requirements and continue to evolve over time to meet changing needs and best practices.
• Continuously and measurably improve technology and data security.
• Provide strategic and tactical vision, along with execution-focused on incident prevention, detection, and response.Identify, track, and communicate detailed metrics indicating overall security risk factors.
• Ensure the organization's capability to analyze and mitigate security threats.
• Work with team members and developers on the design and development of threat deterrence and defense technologies and risk mitigation infrastructure.
• Implement an incident response program to identify and respond if any breaches (internal or external) or misuse of data takes place.
• Conduct research to understand emerging threats and develop innovative risk management approaches, tools, and analytics to better manage risk.
• Brief executive leadership regularly on current cybersecurity threats and challenges, and the status of the information security management system.
• Lead the periodic internal risk assessment, document its findings, and develop recommendations to address deficiencies.
• Identify areas where automation and machine learning can improve the team’s scalability.
• Own the Information Security annual budget and operate within the budget.
• Provide leadership, supervision, coaching, and guidance across the team in achievement of organizational and departmental goals.

• A Bachelor’s degree in Computer Science, Computer/Electrical Engineering, Information Systems, Information Sciences, or a related field with a strong academic record.
• MBA or other relevant graduate degree is a plus.Certified Information Systems Security Professional (CISSP) or similar (CISA, CISM, etc.) is a plus.
• 7+ years of relevant experience at a hedge fund, family office, or financial institution serving as a Chief Information Security Officer.
• 5 or more years of IT implementation experience.
• Experience in cloud only, cloud first infrastructure, and deploying cloud information security solutions.
• Firm understanding and ability to implement zero-trust security.Firm understanding and experience with Software Defined Networking and Cloud Networking.
• Firm understanding of single sign-on and multi-factor authentication platforms.
• Experience driving discussions with senior personnel regarding trade-offs, best practices, project management, and risk mitigation.
• Firm understanding of work from anywhere models.
• Experience with IT compliance and risk management requirements.

• Contractor
• Hours are based on the needs of the assigned client (0-40 hours per week).