Risk Manager, Cybersecurity

Our Story

Founded in 2008, Hightower is a wealth management firm that provides investment, financial and retirement planning services to individuals, foundations and family offices, as well as 401(k) consulting and cash management services to corporations. Hightower's capital solutions, operational support services, size and scale empower its vibrant community of independent-minded wealth advisors to grow their businesses and help their clients achieve their vision of "well-th. rebalanced." Based in Chicago with advisors across the U.S., we operate as a registered investment advisor (RIA).

Our commitment to our culture is demonstrated every day through the Hightower Way. By joining Hightower, you will build a community of inclusive relationships, take proactive ownership, embrace others' perspectives, and have an uncompromising dedication to excellence.

What You'll Do

You will assist the enterprise to conduct third-party cybersecurity risk assessments of Hightower Advisors' third-party vendors. This includes conducting the assessments before contract being implemented along with annual risk assessments post contract execution. Also, you will evaluate cybersecurity risks related to information observing our established Third Party Risk Management (TPRM) framework. You will have a broad experience in cybersecurity as it relates to an enterprise environment.

• Serve as a Hightower brand ambassador by upholdingThe Hightower Waycultural elements - Mission, Purpose, V.A.L.U.E. Experience, Commitment and Standards, promoting excellence in the internal and external client experience during every encounter
• Improve consistency in every client and colleague encounter by embodying the core principles of our Hightower V.A.L.U.E. Experience (Validate, Actively Listen, Leverage Resources, Understand Ownership, Express Gratitude)
• Partner with cross-discipline team members to support collaboration and promote a positive client experience
• Coordinate Third Party Risk Management team to initiate, scope and plan cyber security risk controls assessments of new vendors and preform ongoing reviews of existing vendors.
• Be a third-party risk assessor, performing risk assessments by evaluating controls surveys, third-party attestations, infrastructure and data flow review, and control implementation validation. Use experience to identify risk
• Understand technical and operational standard industry practices involving third-party risk management regulations / standards to build programs, risk assessments and business processes
• Assist in internal and third-party security audits and works with the proper teams to develop mitigation plans
• Evaluate us against the risk management framework to identify maturity level and opportunities for improvement
• Maintain the organizational cyber risk register. Define processes to support risk management and reporting
• Maintain policy, standard and procedural documentation.
• Be an expert for MSSP engagement and collaboration. Continue engagement with MSSP security monitoring partners for ongoing refinement, tuning and reporting

What You'll Bring

• BS/BA degree and related cybersecurity or compliance certification(e.g. GIAC,CRISC, CISM, CISA, CISSP)
• 5 years' experience in security risk, information security audit, information security or risk management role
• Collect and analyze technical data to resolve design and implementation issues.
• Must accept a minor level of local travel

What We Offer

• Coverage on the first day of employment for medical, dental, and vision insurance
• Paid parental leave (16 weeks for primary caregiver and 8 weeks for secondary caregiver)
• Flexible PTO plan
• Hybrid model work schedule (50% in office)
• 401k matching plan
• HSA employer contributions
• Student loan assistance
• Pet insurance
• We commit to a transparent, people-first environment where talent is maximized through our diverse, equitable and inclusive community
• We nurture a spirit of belonging, are energized by challenges, celebrate our successes, and achieve individual and collective well-th goals

AN EQUAL OPPORTUNITY EMPLOYER:Hightower is an equal opportunity employer and does not discriminate based upon race, color, religion, sex, sexual orientation, pregnancy, marital status, national origin, citizenship, veteran status, ancestry, age (over 40), physical or mental disability, medical condition (cancer-related), gender identity or expression, genetic information including sickle cell or hemoglobin C trait, or any other consideration made unlawful by applicable federal, state, or local law.

You are a U.S. citizen, U.S. permanent resident or possess other unrestricted U.S. work authorization and will not require sponsorship for U.S. work authorization now or anytime in the future.

• Chicago, IL, USA