Chief Information Security Officer at Paul Murphy Associates

Paul Murphy Associates New York, NY

Job Description

Title: Chief Information Security Officer
Reports to: President
Location: Chicago or New York

The Chief Information Security Officer (CISO) is a critical leadership position responsible for establishing, managing, and evolving the enterprise-wide information security strategy and program. The Company’s security strategy will initially focus on ensuring regulatory requirements are met but it must also provide a robust, scalable and secure foundation that enables future growth in the dynamic and regulated financial markets.

The CISO will serve as the company's foremost authority on all matters of cybersecurity, information compliance, and information risk, protecting the core exchange and clearing technology, corporate IT, and all related data and physical assets. This role is highly visible and requires a hands-on technical leader capable of strategic direction, executive management, and detailed technical oversight, including direct interface with the CFTC and the Company’s Board of Directors.

Key Responsibilities

1. Strategic Leadership & Governance

● Develop, communicate, and implement a robust, risk-based, and continuously evolving information security strategy and architecture that aligns with business objectives and regulatory requirements (including but not limited to CFTC regulations and guidance as well as new emerging security standards).
● Report directly to the President, providing regular, concise, and comprehensive security and risk updates to the Executive Leadership Team and the Board of Directors.
● Drive the creation of and report upon Key Performance Indicators related to the company’s security controls.
● Work closely with the Chief Risk Officer (CRO) to integrate information security risk management into the enterprise risk management framework.
● Establish and enforce security policies, standards, and procedures across all technical infrastructure, applications, and business processes.

2. Technical Security & Operations

● Direct all security operations, including threat intelligence, vulnerability management, security monitoring, incident detection, and response across the entire technology footprint (trading, clearing, corporate IT, and data platforms).
● Oversee and be responsible for the security of all data and critical systems, including secure software development lifecycle (SDLC), network security, and cloud security architecture working closely with the DevOps team.
● Cryptography and Key Management: Drive the strategy and implementation for managing, securing, and auditing cryptographic keys and secrets for all critical systems.
● Manage and direct the company's incident response and disaster recovery/business continuity planning related to information security. This is a 24/7/365 critical function.
● Manage third-party security assurance activities, including vendor evaluation, due diligence, penetration testing, and vulnerability assessments.

3. Regulatory Compliance & Audit

● Serve as the primary liaison for the CFTC, external auditors, and other regulatory bodies on all cybersecurity and information security compliance matters.
● Ensure continuous compliance with all relevant financial regulatory frameworks, including CFTC regulations applicable to DCMs and DCOs, and other applicable standards (e.g., NIST Cybersecurity Framework, ISO 27001).
● Oversee internal and external security audits and lead remediation efforts for all identified findings.

4. Team & Resource Management

● Build, mentor, and lead a high-performing team of information security professionals (analysts, engineers, and architects).
● Manage the security budget, technology procurement, and vendor relationships to ensure cost-effective and optimal security controls.
● Direct security awareness and training programs for all employees.
● Collaborate across Legal, HR, and executive management in the building of policies as well as incident management.

Required Qualifications

● Minimum of 10 years of progressive experience in information security roles, with a minimum of 5 years in a senior leadership or CISO role within a large or highly regulated financial institution.
● Mandatory experience working in a regulated financial industry such as banking, brokerages, or clearing firms, with a strong preference for candidates with direct experience at a financial exchange (DCM/DCO) or other critical market infrastructure.
● Proven hands-on technical expertise in security architecture, operations, and engineering, coupled with executive-level leadership and communication skills.

Beneficial Qualifications

● Deep familiarity with CFTC compliance requirements for DCMs/DCOs and a strong understanding of the financial, operational, and regulatory risks unique to exchange and clearing functions.
● Expert-level knowledge of security best practices for secrets management, hardware security modules (HSMs), and cryptographic key management, particularly as they relate to digital assets, blockchain technology, or regulated crypto asset custody.
● Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
● Relevant professional certifications highly desired (e.g., CISSP, CISM, CISA, CRISC).
