Security Project Delivery

• Own the full delivery lifecycle — charter, plan, execute, measure, and close — for the firm's enterprise security project portfolio.
• Lead simultaneous workstreams across DLP, PAM, password management, pentesting, and access reviews, ensuring on-time and on-budget execution.
• Establish project governance cadences, status reporting, RAID logs, and steering-committee presentations for each initiative.
• Drive outcomes through matrixed teams, holding accountable both direct contributors and cross functional stakeholders without direct authority.
  
   

Data Loss Prevention (DLP)

• Architect and deploy enterprise DLP policies across endpoints, email, cloud (M365 / Microsoft Purview), and network egress points.
• Define data classification schemas in partnership with Legal, Compliance, and business-unit leadership.
• Tune DLP rules to reduce false-positive rates while maintaining strong coverage for PII, client data, and proprietary information.
• Establish incident response workflows for DLP policy violations and produce metrics for executive reporting.
  
   

Privileged Access Management (PAM)

• Lead the enterprise rollout and ongoing governance of PAM platforms (e.g., CyberArk, BeyondTrust, or equivalent).
• Define vaulting, session-recording, and just-in-time access policies for on-premises, cloud, and hybrid infrastructure.
• Drive adoption by engaging with Infrastructure, Cloud, and application teams as internal customers of PAM controls.
• Continuously evaluate PAM coverage gaps and close them through structured roadmap initiatives.Password Management
• Design and enforce enterprise password management strategy across workforce (e.g., 1Password, Bitwarden) and privileged accounts.
• Integrate password management tooling with SSO, MFA, and identity governance platforms.
• Champion password hygiene awareness and embed credential security controls into the onboarding/offboarding lifecycle.
  
   

Penetration Testing & Vulnerability Management

• Manage the firm's penetration testing program — scope, vendor selection, scheduling, findings triage, and remediation tracking.
• Coordinate internal red-team / purple-team exercises and translate findings into actionable remediation roadmaps.
• Partner with the Infrastructure and Application teams to validate remediation closure and verify control effectiveness.
• Produce executive-grade pentest summaries and trend reporting for CISO, CTO, and board-level audiences.
  
   

Access Reviews & Identity Governance

• Design and operationalize a continuous access review program across on-premises AD, Entra ID (Azure AD), and key SaaS applications.
• Automate access certification workflows using IGA platforms (e.g., SailPoint, Saviynt, or equivalent).
• Partner with HR, Compliance, and application owners to enforce role-based access control (RBAC) and least-privilege principles.
• Support internal and external audit requirements (SOX, PCAOB) with evidence packages from access review cycles.
  
   

Stakeholder Engagement & Communication

• Serve as the primary security liaison to business-unit leaders, ensuring security initiatives are understood as business-enablers.
• Present program status, risk posture, and project outcomes to C-suite and board stakeholders in clear, non-technical language.
• Collaborate closely with Legal, Compliance, Internal Audit, HR, and Finance to align security projects with regulatory obligations.
   

• CISSP, CISM, or CRISC (strongly preferred).
• CEH, OSCP, or equivalent offensive-security credential.
• Microsoft Security certifications (SC-100, SC-200, SC-300) a plus.
• PMP or equivalent project-management certification a plus
• Bachelor's degree in Computer Science, Information Security, or related field; advanced degree a plus.

• 12+ years of progressive cybersecurity experience, including 5+ years in a senior engineering or security lead role.
• Proven delivery record: has independently managed and shipped large-scale security projects on time and within budget.
• Deep, hands-on expertise in at least four of: DLP, PAM, password management, penetration testing, and access governance / IGA.
• Experience in a professional-services, financial-services, or similarly regulated enterprise (5,000+ employees preferred).
• Demonstrated ability to influence and drive cross-functional teams without direct authority.

Technical Proficiencies

• DLP platforms: Microsoft Purview, Symantec DLP, Forcepoint, or equivalent.
• PAM platforms: CyberArk, BeyondTrust, Delinea / Thycotic, or equivalent.
• Identity & IGA: Entra ID (Azure AD), SailPoint IdentityNow, Saviynt, Okta, or equivalent.
• Pentesting / vulnerability management: Rapid7, Tenable, NodeZero, Cobalt, or equivalent.
• Enterprise Microsoft 365 / Azure security stack (Defender for Endpoint, Purview, Conditional Access).
• Scripting and automation: PowerShell, Python, or similar for security tooling and workflow integration.