Associate Director IT Security Engineering

DTCC | Jersey City, NJ
13d | Hybrid

About The Position

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits:

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

The purpose of the Security Compliance Engineering team is to provide best-in-class and versatile security compliance monitoring services to the enterprise, monitoring technologies such as Operating Systems, Network, Storage, Databases, etc., in the cloud (AWS, Azure) as well as in on-premises data centers. This position is for a Security Compliance Manager. This position is focused on building, mentoring and leading a highly motivated security compliance team.

Requirements

  • Minimum of 8 years of related experience
  • Bachelor's degree preferred or equivalent experience
  • 8+ years in Cybersecurity, IT, Risk Management, Governance, or related field
  • 5+ years in cybersecurity compliance, risk, or audit within financial services (banking, fintech, brokerage, etc.)
  • 3+ years directly managing small technical teams in large enterprise environments, preferably in the financial sector.
  • Proven expertise with CIS, NYDFS, FFIEC, SOX, PCI-DSS, and NIST CSF/800-53
  • Hands-on experience with compliance monitoring of servers, workstations, databases, storage solutions, network devices, SaaS services, and cloud infrastructure
  • Hands-on experience with HPNA, Qualys, Guardium, and similar compliance monitoring tools
  • Understanding of security controls (IAM, encryption, SIEM, vulnerability management)
  • Creating and reporting useful compliance metrics.
  • Proficiency in audit response and regulatory reporting
  • Strong leadership, communication, and stakeholder management abilities
  • Focus on compliance/risk.

Nice To Haves

  • Experience with cloud compliance (AWS/Azure/GCP) in regulated environments.
  • Knowledge of data privacy laws (GDPR, CCPA).
  • Certifications - CISSP, CISM, CRISC, CISA, or similar.

Responsibilities

  • Engineer, implement, and operate compliance tools that monitor technologies such as compute, storage, databases, and network in cloud and on-premises.
  • Develop, implement, and maintain the cybersecurity compliance roadmap.
  • Help service owners with remediation of findings and track action plans to closure.
  • Maintain policies, standards, and procedures aligned with FFIEC, GLBA, NYDFS, etc.
  • Report compliance metrics for various technology domains (e.g., OS, storage, network).
  • Manage, mentor, and develop 5+ cybersecurity engineers focused on compliance tooling and control implementation.
  • Prioritize workload, conduct performance reviews, and foster collaboration.
  • Bridge technical execution (engineers) and strategic compliance goals.
  • Oversee vendor security reviews and third-party risk management.
  • Serve as primary point of contact for compliance metrics.
  • Stay current on evolving regulations (SEC, FINRA, CFPB), threats, and frameworks.
  • Automate compliance monitoring and reporting using GRC tools.
  • Drive initiatives to enhance security posture and reduce compliance risk.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).