
Goldman Sachs MENA
Lead Security Engineering Vice President
- Permanent
- Doha, Qatar
- Experience 5 - 10 yrs
Job expiry date: 21/04/2026
Job overview
Date posted: 07/03/2026
Location: Doha, Qatar
Salary: Undisclosed
Job description
The Lead Security Engineering Vice President (Asset & Wealth Management Information Security) within the Asset & Wealth Management division is responsible for defining, implementing, and overseeing the information security and cybersecurity risk posture for the Asset Management Private business. The role leads security engineering and information security governance across the division, ensuring alignment between commercial objectives and robust cybersecurity risk management practices to protect client assets and sensitive data while maintaining resilience against an evolving threat landscape. The position provides strategic leadership across Governance, Risk & Compliance (GRC), Application Security & Advisory, and Product Security functions while also overseeing embedded Technology Risk Officers assigned to Asset Management Private business verticals. The role focuses on establishing a unified and proactive cybersecurity risk management framework that ensures regulatory compliance with global financial regulations including SEC, FINRA, GDPR, and CCPA while enabling secure technological innovation across Asset Management initiatives.
Responsibilities include working closely with internal application development teams building next-generation critical business applications to ensure information security and business resiliency control requirements are integrated within application architectures. The role collaborates with global Application Security Risk, Business Continuity, Risk Measurement, and Technology Risk teams to develop and implement security and resiliency controls aligned with recognized frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls. The position provides risk assessment and advisory services to technology engineers and business management by communicating technology risks, mitigation strategies, and risk acceptance decisions.
The role also involves assessing application architectures for design-related security risks, recommending remediation strategies, and advising engineering leadership and developers on emerging threats in web and mobile application environments. The role drives adoption of embedded application security controls within the Software Development Life Cycle (SDLC), provides subject matter expertise in secure application design and development techniques, and supports the convergence of information security standards, solutions, and tools across the organization. Additional responsibilities include developing customized security testing strategies to complement vulnerability scanning and security testing programs managed by Technology Risk, analyzing vulnerability scan reports, and advising development teams on secure coding and application security best practices.
The role requires expertise in multi-domain information security disciplines including vendor security, vulnerability management, data loss prevention, data encryption, and infrastructure security, as well as knowledge of technology risk analytics including metrics reporting and dashboarding. Preferred technical expertise includes secure coding languages such as Python, Java, and Go, industry certifications such as CISSP, CISM, CRISC, CISA, or AWS Certified Security – Specialty, and familiarity with leveraging AI/ML technologies to enhance security operations and scale cybersecurity programs.
Key responsibilities
- Define and oversee the information security and cybersecurity risk posture for the Asset Management Private business within the Asset & Wealth Management division
- Lead and manage Governance, Risk & Compliance (GRC), Application Security & Advisory, and Product Security teams while providing oversight and guidance to embedded Technology Risk Officers across Asset Management business verticals
- Collaborate with internal application development teams to integrate information security and business resiliency control requirements into next-generation business applications
- Partner with global Application Security Risk, Business Continuity, Risk Measurement, and Technology Risk teams to develop and implement best-in-class cybersecurity and resiliency controls
- Conduct technology risk assessments and provide advisory services to technology engineers, engineering leadership, and business management regarding risk mitigation and risk acceptance strategies
- Assess application architectures and existing applications for design-related security risks and guide teams on remediation actions and secure development approaches
- Provide subject matter expertise on emerging web and mobile application threats and advise development teams on secure application design and secure coding techniques
- Drive adoption of embedded application security controls within the Software Development Life Cycle (SDLC) and support the implementation of secure development frameworks
- Contribute to the adoption and convergence of information security standards, solutions, and tools aligned with frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls
- Develop customized security testing strategies and analyze vulnerability scanning reports to enhance application security testing programs and support secure application deployment
Experience & skills
- Demonstrate at least 5 years of progressive experience across multiple information security domains including vendor security, application security, vulnerability management, data loss prevention, data encryption, and infrastructure security
- Demonstrate expert knowledge of global financial regulatory frameworks including SEC, FINRA, GDPR, and CCPA and the ability to apply cybersecurity risk management methodologies such as FAIR (Factor Analysis of Information Risk)
- Demonstrate expertise in performing technology risk assessments, identifying gaps in compliance with information security policies, and recommending risk mitigation strategies
- Demonstrate familiarity with leading cybersecurity frameworks and standards including NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls
- Demonstrate expertise in secure application design, Software Development Life Cycle (SDLC) practices, vulnerability scanning, code review analysis, and application security best practices
- Demonstrate capability in technology risk data analytics including metrics reporting and dashboarding for cybersecurity risk monitoring
- Demonstrate experience collaborating with engineering teams, technology risk functions, and audit partners to deliver security programs and resolve audit findings
- Possess a BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field
- Possess relevant cybersecurity certifications such as CISSP, CISM, CRISC, CISA, or cloud security certifications including AWS Certified Security – Specialty
- Demonstrate knowledge of secure coding languages including Python, Java, or Go and familiarity with applying AI/ML technologies to enhance security operations