Triad Partners
Triad Partners is hiring: Director of Cybersecurity and IT Risk Management in La
Triad Partners, Lawrence, KS, United States
Description
Is working with people you want to do life with important to you? It is to us, too.
At Triad, our motto is #DBDL: Do Business Do Life. While we are doing business, ensuring a boutique-like experience for our clients is at the top of our list. Does working with our team to build a financial planning offering that can positively impact the lives of thousands of people make your ears perk up? Let's talk more...
So Who Are We?
Founded on the idea that business growth shouldn't come at the expense of personal freedom, you'll be working to accomplish something never before seen in our industry: Empowering financial advisors to scale their business to all-time highs, while also enjoying levels of personal freedom they never thought possible. We call this unique intersection of success at work and in life, DBDL: Doing Business and Doing Life - and it's at the heart of everything we do.
To deliver on our goal of bringing DBDL to our industry, every Triad team member (regardless of experience or job title) is first and foremost a leader. No matter the project, you'll be expected to do more than simply check the boxes; you'll play an integral role in shaping the vision, building processes, perfecting systems, creating all-new solutions, and continuing to take our industry in a whole new direction.
But DBDL doesn't just happen at work. It also happens in life. As a Triad team member, you'll have the opportunity to live our Do Business, Do Life mantra with a working environment that encourages you to push pause on work and recharge your creative energy doing the things you love.
What You'll Do Here:
The Director of Cybersecurity and Risk Management is a senior leadership role responsible for establishing, executing, and evolving an enterprise cybersecurity and risk management strategy that aligns with business objectives and regulatory demands. This position drives the protection of critical digital assets, ensures robust regulatory compliance, and fosters a security-aware culture. This role requires a visionary leader capable of balancing strategic priorities with hands-on operational needs to safeguard the organization against an evolving threat landscape.
This Role Involves
- Establishing and leading a comprehensive cybersecurity and risk management program that aligns with business objectives.
- Acting as a trusted advisor to executive leadership, providing insights on cybersecurity posture and risk exposure.
- Implementing robust security operations, policies, and compliance frameworks to address evolving regulatory requirements.
- Building and leading a security-aware culture through training, awareness programs, and collaborative security practices.
- Managing vendor relationships, ensuring third-party security standards align with organizational goals.
- Provide proactive oversight and comprehensive support for cybersecurity, compliance, and risk management requirements, ensuring member offices and/or advisors meet organizational and regulatory standards.
- Build out and oversee cybersecurity team members and cross-functional project teams, providing guidance and strategic direction.
- Manage third-party vendors aligned with this role, including SOC and incident response providers, to maintain high service levels.
- Facilitate the development of direct reports, fostering professional growth and enhancing team skill sets.
- Conduct performance evaluations, set objectives, and ensure alignment with cybersecurity program goals.
Program Development & Leadership
- Design and implement an enterprise cybersecurity program, ensuring alignment with business strategies and regulatory requirements.
- Develop policies, standards, and procedures that address network security, cloud security, and endpoint protection to protect organizational assets.
- Establish and monitor security metrics, using data-driven insights to support continuous improvement and inform leadership decisions.
- Act as a cybersecurity advisor to executives, translating complex security concepts into actionable insights that support business goals.
- Build and maintain a risk management framework that includes vulnerability assessments, threat modeling, and incident prevention measures.
- Conduct regular risk and vulnerability assessments, leveraging data analysis and regulatory expertise to identify and mitigate risks.
- Ensure compliance with relevant standards (NIST CSF, ISO 27001, SOC 2) and develop strategies to meet financial and RIA-specific regulatory requirements.
- Communicate security policies and compliance expectations across departments to foster alignment and commitment to regulatory standards.
- Own and maintain all IT and cybersecurity policies, including those related to data protection, access controls, incident response, and regulatory compliance, ensuring they are up-to-date, comprehensive, and aligned with industry standards.
- Establish a Security Operations Center (SOC) or equivalent capabilities to monitor, detect, and respond to security incidents in real-time.
- Develop, test, and refine incident response plans and playbooks, ensuring readiness to effectively handle breaches and mitigate impact.
- Lead root-cause analysis and incident reviews, applying insights to enhance security operations and prevent future incidents.
- Collaborate with third-party vendors for advanced threat monitoring, forensic analysis, and specialized incident response when required.
- Lead a comprehensive security training program, ensuring employees are equipped to recognize and respond to cybersecurity threats.
- Develop a proactive security awareness campaign that reinforces risk-conscious behaviors and best practices at all levels.
- Promote a culture of security ownership across the organization, encouraging collaboration, transparency, and compliance.
- Manage the organization's cyber insurance policy, ensuring it provides appropriate coverage aligned with the company's risk profile, regulatory requirements, and evolving cybersecurity landscape.
- Support member-facing MSP clients by advising on cyber insurance requirements, helping them assess and maintain adequate coverage to meet their specific cybersecurity and compliance needs.
- Collaborate with legal, compliance, and executive teams internally, as well as with MSP clients, to fulfill policy requirements, conduct regular reviews, and facilitate claims processes in the event of cybersecurity incidents.
- Establish and enforce third-party risk assessment processes, evaluating vendor security controls to ensure compliance with organizational standards.
- Oversee vendor relationships, managing SLAs and security contracts to align with cybersecurity and risk objectives.
- Conduct periodic reviews and audits of vendor security practices, maintaining high standards and safeguarding organizational assets.
Experience
- 10+ years in cybersecurity or information security, with 5+ years leading cybersecurity and risk programs.
- Significant experience in regulated environments, preferably within financial services, specifically Registered Investment Advisors (RIA), with a strong understanding of associated regulatory needs.
- Proven experience in incident response, compliance management, and policy development.
- Demonstrated expertise in incident response, compliance management, and policy development.
- Practical expertise in frameworks like NIST, ISO 27001, and SOC 2.
- Proficient in risk management, cybersecurity frameworks, and compliance standards.
- Exceptional communication skills with an ability to collaborate cross-functionally and influence executive stakeholders.
- Hands-on experience with threat intelligence, incident response, and security operations.
- CISSP, CISM, CRISC, or similar certifications required; advanced certifications (e.g., CDPSE, CIPM) are preferred for added expertise in privacy and data governance.