Cybersecurity Risk Associate - Hybrid position Drawbridge Client Success / Technical Advisory
In this role you will:
- Conduct risk assessments and security audits of client cloud environments
- Assess the security posture of cloud platforms and infrastructure including but not limited to Microsoft 365, Google Workspace, Azure, and AWS
- Perform risk assessments of AI platforms used by clients, including Claude, ChatGPT, and Gemini - evaluating data handling, access controls, model configuration, and integration risk
- Provide AI security advisory to clients, covering safe adoption, deployment patterns, permission and data-sharing reviews, policy development, and ongoing governance of AI tools across the firm
- Lead AI security training sessions for client teams - translating evolving AI risks, regulatory expectations, and best practices into practical guidance employees and stakeholders can act on
- Schedule, conduct, and lead risk assessment meetings with clients and IT providers
- Assess operational business risks and provide remediation and mitigation guidance
- Act as an escalation point for technical questions from clients and internal teams
- Participate in the enhancement of existing Drawbridge products, reports, and processes
- Assist and advise clients with cyber training, incident response, operational due diligence, and/or SEC cyber audit requirements
- Identify and evaluate complex business and technology risks, controls to mitigate risks, and related opportunities for control improvement
- Learn the applicable regulatory frameworks and compliance guidelines for cybersecurity (including but not limited to SEC, NFA, FCA, MAS)
- Continuously learn and advance your cybersecurity knowledge, bringing new insights back to both client engagements and the broader team
- Maintain tracking of internal tasks, provide status updates to clients, team members, and managers, and ensure open and consistent communication with all stakeholders
- Establish and maintain relationships with clients, IT providers, and other service providers
You Have
- Sound knowledge of IT networking concepts including but not limited to segmentation, DNS, the OSI model, and network topologies
- Working knowledge of AI risk concepts such as data leakage, third-party model exposure, and responsible AI use in enterprise environments
- Sound knowledge of cloud infrastructure controls and concepts related to solutions such as Microsoft 365, AWS, and Google Workspace
- Familiarity with cybersecurity concepts such as business continuity, disaster recovery, incident response, and network security
- An understanding of vulnerability management concepts and methodologies
- Proven experience in a client/customer-facing role
- Experience discussing technical concepts with a non-technical audience
- Excellent written and verbal communication skills
- Excellent time management skills
Nice if you have
- Sound knowledge of security standards and frameworks such as, but not limited to, NIST, CIS, COBIT, etc.
- Previous experience deploying security controls and policies within cloud infrastructure environments
- Familiarity with AI security frameworks and guidance (NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS) and enterprise AI governance
- Knowledge of hedge fund, private equity, or RIA operations/compliance
- CRISC, CISA, CISSP, CIPP, AAISM, Security+ certifications
Base Salary Range
We Offer
- Competitive compensation package
- Employer Retirement/401(k) plan with company contribution
- Medical, Dental, Vision Coverage, Disability, and Life Insurance
- Health Savings Account (HSA) or Flexible Spending Account (FSA)
- Generous Paid Time Off for all life brings
- Healthy Work/Life Balance
- Phone Reimbursement Perk
- Exclusive Employee Discounts & Perks offered through ADP and insurance
- Tuition Reimbursement