The Company
Citadel is a global investment firm and financial services company. It operates as a hedge fund and also has a significant market-making business, Citadel Securities. Founded in 1990 by Ken Griffin, Citadel manages a vast amount of capital for institutional investors and high-net-worth individuals. Citadel's Wikipedia page says Citadel is known for its sophisticated investment strategies, use of technology and quantitative analysis, and its focus on risk management.
Learn more ↗
The Opportunity
We are looking for an Information Security Officer to help manage our security program through close partnership with legal, compliance, risk, and engineering teams. This person will be responsible for maintaining a strong relationship with our regulators and business partners, with a focus on managing regional security projects and continuous improvement that moves beyond the typical “check box” mentality. There will also be an aspect of automating compliance and evidence collection for audits.
Reporting To: dave damato,
chief information security officer
Location:
New York City – HQ on Park Avenue in Midtown; this is an in-office role
Responsibilities:
Lead cross-functional, large-scale security engineering projects.
Develop and execute a strategy to continue to align the security program with emerging regulatory requirements globally.
Partner with legal, compliance, risk, and engineering teams to ensure Citadel continues to address compliance requirements while remaining consistent with modern security and engineering practices.
Collaborate with teams to prioritize security policies, standards, and training to inform Citadel employees of their information security responsibilities.
Identify and prioritize impactful security risks and partner with various teams to create and execute mitigations.
Meet regularly with senior leadership to ensure they remain current on security metrics, regulatory requirements, security findings, and evolving security services.
Complete assessments of regional security programs using control objectives from leading security control frameworks.
Participate in design reviews for new systems, architectures, and third-party solutions to ensure alignment with internal and external security standards.
The Candidate
Skills:
Strong written and verbal communication skills; including presentations.
Comfortable presenting to senior leadership and regulators about complex cybersecurity topics and controls.
Effective at writing Python scripts to automate manual tasks.
Experience:
Experience with security frameworks, risk assessment methodologies and regulatory requirements (e.g., ISO 27001, SEBI).
7+ years of industry experience.
Knowledge:
Bachelor's degree in computer science, cybersecurity, or related field; or equivalent experience.
Strong understanding of encryption, authentication, and IAM solutions.
Understand security leading practices and architectures associated with modern technologies such as cloud providers, threat detection, infrastructure as code, secure software development, and authentication and authorization.
