Deputy Chief Information Security Officer, Information Technology

NISA Investment Advisors, LLC
life insurance, paid time off, retirement plan
Jun 24, 2026

Overview

NISA Investment Advisors, LLC (NISA) partners with world-leading organizations to design, develop, and manage highly customized, risk-controlled investment strategies across fixed income, equities, and derivatives. With $462 billion assets under management ($295 billion in physical assets and $167 billion in derivatives notional value), NISA actively manages risk for institutional investors, providing clarity to complicated challenges and stability in ever-evolving markets. At NISA, we foster a culture that supports both personal and professional growth, providing opportunities to learn from experienced professionals while contributing meaningful work from the outset. We seek candidates who demonstrate strong quantitative and analytical skills, intellectual curiosity, and a collaborative mindset to join our growing teams.



Responsibilities

The Deputy Chief Information Security Officer (Deputy CISO) holds enterprise-wide accountability for NISA's information security program, working alongside and deputizing for the firm's chief information security officer (CISO). The role leads core cybersecurity operations across the firm and provides the level of control and oversight expected of a leader in the financial services industry. The role is highly collaborative. The Deputy CISO will work closely with partners across the firm, including members of the technology solutions team, and will partner with the Chief Risk and Security Officer (CRSO) on enterprise cybersecurity risk matters. This person will also present to executive and board-level risk and governance committees, explaining and communicating recommendations regarding the firm's cybersecurity and technology risks in clear business terms.

  • Partner with the CISO to develop NISA's enterprise cybersecurity strategy and roadmap, and integrate it with the enterprise technology strategy
  • Hold enterprise-wide accountability for NISA's information security program - its design, implementation and day-to-day operation
  • Coordinate the development and maintenance of cybersecurity policies, procedures and standards to protect the organization's assets and information
  • Oversee regular risk assessments and vulnerability scans to identify potential threats and vulnerabilities
  • Manage cybersecurity incident response activities and lead investigations into security incidents
  • Lead, mentor and develop the cybersecurity team; assess and strengthen the team's skills and capabilities, including augmenting and upskilling existing personnel
  • Participate in the firm's third-party (vendor) risk management program, assessing and monitoring the security posture of vendors and service providers
  • Support client-facing security due diligence, including responses to client and consultant security questionnaires, due diligence questionnaires (DDQs) and requests for proposal (RFPs)
  • Manage security across NISA's hybrid on-premises and public-cloud environment (AWS and Azure), including identity and access management (IAM) as an evolving area of the program
  • Work with internal teams and external vendors to select, implement and manage security technologies and tools, including firewalls, intrusion detection and prevention systems and security information and event management (SIEM) systems
  • Maintain the security program against recognized control frameworks, including the NIST Cybersecurity Framework (CSF) and SOC 2
  • Develop, implement and refine security controls and guardrails for the firm's adoption of artificial intelligence (AI) - an evolving area the Deputy CISO will be expected to manage as it matures
  • Ensure compliance with relevant cybersecurity regulations, including the firm's obligations as an SEC-registered investment adviser and applicable DOL regulations
  • Develop and deliver cybersecurity training and awareness programs to educate employees on best practices for information security
  • Support disaster recovery (DR) capabilities for critical technology services and contribute to the firm's operational resilience, partnering with the risk function, which owns business continuity planning
  • Collaborate across the firm, including with the technology solutions team, to embed security into projects and day-to-day operations
  • Present to executive and board-level risk and governance committees, explaining NISA's cybersecurity and technology risks and the controls in place to manage them
  • Participate in security audits and assessments to ensure compliance with industry standards and regulations


Qualifications

  • Bachelor's or master's degree, including demonstrated coursework in computer science, cybersecurity or a related field
  • 12+ years of experience in cybersecurity, with significant leadership experience and a track record of progressive responsibility
  • Demonstrated experience operating as a senior leader or second-in-command within an information security organization, with the ability to deputize for a CISO
  • CISSP certification is required
  • Experience managing security across hybrid on-premises and public-cloud environments (AWS and Azure), including identity and access management
  • Experience operating a security program against recognized control frameworks such as the NIST Cybersecurity Framework (CSF) and SOC 2
  • Strong knowledge of cybersecurity technologies and tools
  • Experience with cybersecurity compliance regulations
  • Experience managing and developing cybersecurity teams
  • Experience developing a holistic program around cybersecurity, including engagement with business stakeholders
  • Experience participating in third-party (vendor) risk management
  • Experience supporting client-facing security due diligence (e.g., client and consultant security questionnaires, DDQs and RFPs)
  • Experience with disaster recovery and operational resilience for technology services
  • Additional certifications such as CISM and CISA
  • Familiarity with AI governance and risk frameworks (e.g., NIST AI Risk Management Framework) and emerging AI security credentials such as ISACA's Advanced in AI Security Management (AAISM)
  • Strong communication and interpersonal skills, including the ability to communicate technical concepts to non-technical stakeholders and to present to senior leadership and committees
  • Experience driving an automation-first approach to cybersecurity operations to strengthen operational resilience and keep pace with an accelerating threat landscape preferred
  • Experience in financial services or another regulated industry preferred
  • Experience reporting to or presenting to executives, risk committees or boards preferred

NISA's culture encourages collaboration and innovation. We seek self-motivated, intellectually curious individuals willing to push themselves and others in an environment that celebrates fresh thinking. We equip employees with the resources needed to excel and we encourage personal development. NISA is dedicated to internally cultivating and rewarding talent. Employees at NISA are provided with a wide range of benefits, including health, dental, vision and life insurance options, paid time off, a competitive retirement plan, onsite cafeteria, fitness center, a health and wellness program and an educational assistance program.

NISA is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
