Director, Information Security

Solutions for Today’s Challenges. Vision for Tomorrow’s Opportunities.Join William Blair, the Premier Global Boutique.William Blair has delivered trusted advice for nearly nine decades, and we continue to deepen our expertise and relationships across regions, asset classes, and markets throughout North America, Europe, Asia, and Australia.

We are committed to our people and culture, values, clients, and local communities.What sets us apart is that we are an independent partnership, with employees who have unique experiences, perspectives, and backgrounds.

We provide advisory services, strategies, and solutions to meet clients’ evolving needs amid dynamic market conditions and varying industries.

We strive to attract the most qualified, passionate candidates who specialize in investment banking, investment management, private wealth management, and a variety of other business functions.

We work tirelessly to create an inclusive culture and take pride in fostering employees’ professional and personal growth.

We empower our people to bring their best thinking each day so we can deliver the tailored, thoughtful work and problem-solving abilities that our clients expect.

Equally, we are proud of our long-term partnerships with the communities in which we live and work, a legacy we inherited from our founder.

We invite you to learn about how we are seeking excellence in everything we do and empowering our clients’ success with passion, creativity, and rigor.

For more information, visit williamblair.com.The qualified candidate will be part of a team responsible for implementing the firm’s information security and risk strategy.

The Director is committed to identifying, assessing and reducing risk through implementation of a robust security and risk framework.

Management of overall efforts will include policy and procedure creation and governance, cybersecurity risk assessment, incident response (including ransomware preparedness), data protection and more.

This is a leadership role that will represent the firm’s information security program to both internal and external stakeholders and be an ambassador for security within the organization.

The role offers opportunities to provide consultative guidance to various stakeholders and executive management, to work cross functionally and ensure alignment on security initiatives across departments, and to participate in and lead information security decisions that will impact the firm.

Responsibilities include but may not be limited to : Lead multiple, cross-functional information security initiatives required to implement the information security frameworks and risk strategy.

Areas of focus include security awareness, incident response, risk assessments, data protection and compliance.Facilitate information security governance and advise the enterprise on security direction and resource investments to effectively manage information security risks.

Manage security reporting mechanisms in collaboration with the Information Technology team. Establish governance frameworks and ensure firm-wide compliance with regulating authorities for security programs as appropriate.

Establish annual and long-range security and compliance goals and manage roadmap for program improvements.Educate business stakeholders through formal and informal training to build awareness of information security policies and programs and promote firm-wide compliance.

Provide guidance, evaluation and advocacy on internal and external audit responses.Report, investigate, and resolve information security non-compliance incidents.

Provide input to management regarding ways to minimize risk and avoid future issues.Develop and enforce information security policies, standards, guidelines, incident playbooks, and procedures to protect the firm’s information assets and minimize breach risks throughout the firm.

Understand the evolving regulatory environment that pertains to cybersecurity in financial services firms and ensure the information security program remains compliant with all requirements.

Assist in responding to external client requests about William Blair’s Information Security and Cybersecurity programs and risk framework, including meeting with external clients where requested.

Provide guidance on security matters to executive leadership and firm stakeholders.Effectively manage an information security strategy and framework that is aligned with the firm’s business objectives.

Foster a culture of continuous improvement and learning within the information security team and more broadly firm wide.Build and maintain relationships with external partners, such as clients and industry peers.

Effectively communicate complex security issues to a non-technical audience and gain their support for security initiatives.

Demonstrate problem-solving skills and the ability to innovate in response to changing security landscapes.Qualifications : Bachelor's degree.

10+ years information security experience with increasing levels of responsibility, including managerial experience, preferably in a financial services environment.

A general understanding of SEC and FINRA regulations desirable.Experience managing security incident responses.Experience researching, developing, and implementing Generative AI policies for a corporate entity.

Security certifications (CISM, CISSP).Must have project management experience, along with technological and prioritization skills.

Advanced knowledge of security and control frameworks such as NIST, COBIT and ISO 27000.Ability to understand technology-based data collection, analysis, maintenance application and refinement methods to make fact-based decisions.

Strong verbal and written communication skills, as well as ability to convey technical concepts to various audiences.Strong analytical and problem-solving skills.

Ability to make quick decisions in a rapidly changing environment.William Blair is an equal opportunity employer. It complies with all laws and regulations that prohibit discrimination in employment practice because of race, color, religion, creed, ancestry, marital status, gender, age, national origin, sexual orientation, unfavorable discharge from the military service or on the basis of a physical or mental disability that is unrelated to the employee's ability to perform the duties of the job applied for.

EOE m / f / d / vBe aware of hiring scams : William Blair has clear processes and guidelines with regards to recruiting.

We do not request personal financial information in connection with an employment application nor does William Blair extend any employment offers without first conducting an interview through one of its registered offices.

William Blair does not use instant messaging services such as WhatsApp, Telegram, or iMessage as part of the recruiting or interviewing process.

Note to External Recruiters / Search Firms : William Blair does not accept unsolicited resumes and will not pay for any placement resulting from the receipt of an unsolicited resume.

Any unsolicited resumes received will not be considered as a valid submission.Download William Blair's privacy policies for job applicants : California Consumer Privacy Act Privacy Notice (CCPA)General Data Protection Regulation Privacy Notice (GDPR)Contact us should you have any questions or concerns.