Cybersecurity Advisor

CYBERSECURITY ADVISOR (Hybrid position in NYC & Boston)

Working in Advisory:

The Advisory Group is a core group within Drawbridge. As an agile team, Advisory works to provide best-in-class service and support to our clients. As a Cybersecurity Advisor, you will assist with maintaining relationships with clients, their IT resources, and associated third parties. You will work to gain an understanding of the Drawbridge business process, engagement deliverables and services, cybersecurity risk management, IT controls, and regulatory standards. In this highly team collaborative role, you will gain valuable hands-on experience, working with many of the world’s most successful asset management firms.

The Cybersecurity Advisor will report to a Advisory Manager.

Our Values

• Innovation: As the market leader, Drawbridge draws on its in-depth, collective expertise in its constant effort to innovate both our platform and our approach to service
• Integrity: Our clients and partners lean on us because they know we are trustworthy and honor what we say
• Collaboration: We are here to win, and we only win when we work together across team
• Diversity: We are inclusive. We honor, respect, and appreciate each other’s differences and perspectives

In this role you will:

• Be primary point of contact for Drawbridge clients
• Lead kick off call and create success plans for new clients
• Execute on success plans · Work closely with the Account/Relationship Management team to ensure positive client health. Manage post deliverable CSAT
• Execute on Tech-enabled Platform Strategy (100% CRA review calls are performed within the platform) including: Engage with clients through the platform and showcase new tools on the platform.
• You will partner with other CS professionals to help define best practices for client service and provide feedback from clients on platform to the product team
• Assist with client projects and develop the skills to lead projects
• Assist with tailoring the project management framework, approaches, and methods to help streamline projects.
• Identify tasks necessary to remediate identified risks and vulnerabilities for clients and service providers.
• Conduct risk analysis, assessments, and security audits using internal and third-party tools.
• Demonstrate an advanced understanding of business processes, internal control risk management, IT controls, and related standards.
• Identify and evaluate complex business and technology risks, controls to mitigate risks, and related opportunities for control improvement.
• Understand business, information technology, risk, and operational management processes.
• Interpret controls and provide suggestions for mitigation strategies to clients and service providers.
• Learn the regulatory framework and compliance guidelines for cybersecurity for the SEC, NFA, FCA, MAS, and any other regulatory agency applicable to our clients.
• Ensure projects are completed within a reasonable time frame and monitor the status of projects.
• Initiate periodic check-ins with clients to ensure services and projects are up to par with client expectations.
• Follow up with clients and service providers to ensure document requests or documents needing review are addressed.
• Update internal trackers, provide status updates to project managers, and ensure other internal matters relating to projects or clients are kept up-to-date.
• Maintain relationships with clients, IT providers, and other service providers.

Project Responsibilities:

• Prepare summary and gap analysis reports highlighting the features of our clients’ cybersecurity programs.
• Schedule, conduct, and lead risk assessment meetings with clients and IT providers to obtain information regarding a client’s security and privacy controls.
• Prepare risk assessment reports and discuss the assessment findings with clients.
• Conduct cybersecurity due diligence on our clients’ service providers.
• Send, track, and store due diligence questionnaires and corresponding documents from service providers.
• Create deadlines, send reminder emails, and deadline extension notifications to service providers.
• Review due diligence submissions from service providers and follow up with service providers, where necessary.
• Prepare risk assessment reports based on the due diligence exercise and discuss the assessment findings with clients.
• Conduct live or schedule online training for clients.
• Track the status of the trainings scheduled online and prepare training reports.
• Conduct live or virtual incident response tabletop exercises.
• Prepare tabletop exercise summary reports.

You Have:

• Bachelor’s Degree, preferably in General Business, Finance, or Accounting.
• 6-10 Years of Experience, preferably in a customer facing and/or support role.
• Familiarity with Microsoft Office products (Outlook, Word, Excel, PowerPoint)
• Experience with CRM software, including Salesforce Service Cloud.
• Experience with Ticketing and Tracking Systems (e.g., Jira, ConnectWise)
• Knowledge of hedge fund, private equity, or RIA operations/compliance a huge plus
• Solid team spirit, balanced by a healthy sense of autonomy and intuitiveness
• Excellent written and verbal communication skills
• Exceptional time management skills and attention to detail
• Strong knowledge of security standards, disciplines and frameworks such as, but not limited to, NIST, CIS, COBIT, etc. CRISC, CISA, CISSP, CIPP, Security +, certifications are a huge plus.
• Knowledge of auditing standards and frameworks such as, but not limited to, COSO, ITAF, and ISO.
• Previous experience conducting risk assessments are a plus.
• Knowledge of IT infrastructure, Cloud Technology, Business Continuity, Disaster Recovery, and Incident Response
• Ability to effectively communicate with clients and maintain strong client relationships
• Ability and willingness to take on projects outside of the regular scope of work

Salary Base
$80,000 - $100,000

About Drawbridge

Drawbridge is an award winning, premier provider of cybersecurity software and advisory solutions to the asset management industry. Its proprietary platform helps firms exceed and manage their governance, risk, and compliance (GRC) requirements while combatting sophisticated cyber threats and third-party risks. Drawbridge’s platform connects business, compliance, and IT to empower firms to centralize and manage their most robust security programs, improve their risk profile, and raise institutional capital. With a tested team focused on delivering value to 1000+ clients, Drawbridge offers unmatched customer service and flexibility to help businesses proactively manage vulnerabilities, plan for growth, and reduce complexity. At Drawbridge, we are committed to attracting and retaining the best individuals who enjoy working in a dynamic environment

Our Hiring Process

We want to hire the most qualified individuals. We have designed a multi-step selection process that may include interviews and assessments. We make decisions quickly and we are eager to get to know you.

Affirmative Action and Equal Opportunity Employer

Drawbridge Partners, LLC is an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, non-disqualifying physical or mental disability, protected veteran status, or any other legally protected characteristic, in accordance with applicable law. All employment is decided on the basis of qualifications, merit, and business needs.