Information Security Lead
About AQR Capital Management
AQR is a global investment firm built at the intersection of financial theory and practical application. We strive to deliver concrete, long-term results by looking past market noise to identify and isolate the factors that matter most, and by developing ideas that stand up to rigorous testing. By putting theory into practice, we have become a leader in alternative strategies and an innovator in traditional portfolio management since 1998.
At AQR, our employees share a common spirit of academic excellence, intellectual honesty and an unwavering commitment to seeking the truth. We’re determined to know what makes financial markets tick – and we’ll ask every question and challenge every assumption. We recognize and respect the power of collaboration and believe transparency and openness to new ideas leads to innovation.
The Information Security Lead will manage a team of subject matter security experts to architect, design, build and operate the information security infrastructure for both cloud and on-premises environments. This information security infrastructure provides first-line controls in a defense-in-depth approach to advanced security technologies, processes, and procedures to protect the firm’s business practices and assets.
- Interface with senior stakeholders across the Engineering leadership team to proactively interpret risks and priorities, including Platform Engineering Leads, Application Development Leads, the Chief Information Security Officer and the Co-Chief Technology Officers.
- Architect and execute on a multi-year information security technical roadmap to enable a cloud-centric technology platform to support cutting-edge financial innovation
- Lead day-to-day team operations to monitor, troubleshoot, and ensure optimum performance of information security infrastructure
- Lead advanced security analytics efforts for continuous monitoring of the cloud and on-premises technology environments
- Manage relationship with external security vendors, lead vendor assessments, and support incident response and remediation efforts
- Manage, mentor, and train experienced security team to deliver the team’s strategic initiatives in both an engineering and operations standpoint
What You’ll Bring
- Experience (15+ years) in managing complex, highly technical security infrastructure environments, preferably in Financial Services or related verticals with significant Compliance and Regulatory requirements
- Experience (10+ years) in architecting, implementing, and managing large-scale cloud security engineering projects in Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)
- Master’s Degree in Information Security or Computer Science or Computer/Electrical Engineering, and/or equivalent field experience
Security Technology Leadership:
- Operate as a Security Architect for the firm and implement a multi-year vision for a target security architecture that includes advanced security technologies, practices, and processes
- Effectively communicate best practices and standards for the implementation of security technologies in both cloud and on-premises environments
- Be an authoritative voice and articulate convincingly the security risks and rationale for prioritized solutions in a risk-based approach that outlines risk tradeoffs and tolerance
- Encourage a firm-wide culture of security awareness and evangelize security best practices and principles with application development teams
Security Technology Expertise:
- Experience working with a range of security technologies: next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), proxy infrastructure, data loss prevention (DLP), web application firewalls (WAFs), privileged access management tools, endpoint security, network security, data encryption, vulnerability management tools, DNS security, etc.
- Experience with security analytics and SIEM tools for advanced continuous monitoring to review potential non-compliance and risks/threats
- Experience with Secure Software Development Life Cycle (S-SDLC), application security frameworks, design patterns, and assessment tools
- Extensive knowledge in DevOps and CI/CD pipeline management
- Extensive knowledge with the configuration and patterns of security controls and secure migration of enterprise applications to a public cloud provider
- Experience in developing in-depth security architecture standards, frameworks and design patterns in all aspects of the Cloud including the server, application, network, and data layers
- Experience in next generation security architectures including the design, configuration, and operation of network architectures with vendor extranets, public cloud providers, and financial partner networks
- Experience working with Authentication and Authorization services (resume keywords: OpenID Connect (OIDC), Kerberos, Public Key Infrastructure (PKI), Keytabs, PingFed)
- Experience with vendor security risk assessment and due diligence
- Understanding of penetration testing and forensics best practices
- Evaluate and recommend new and emerging security products and technologies
- Experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF
- Earned Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP) and/or Cloud Security Alliance certifications (CCSP, CCSK) (ISC)2
Security Operations Support
- Oversee and maintain 24x7x365 coverage and support for security systems
- Oversee daily operational processes for all information security systems and adhere to change control processes
- Other responsibilities include and are not limited to: participating in tier 2 and tier 3 security operations support and in information security incident handling as well as identifying security issues risks and developing mitigation plans
Who You Are
- Highly technical Information Security Lead and Architect with ability to understand complex security infrastructures with an innate curiosity for security infrastructure technologies
- Team and detail oriented, with an open and collaborative work ethic
- Tenacious perseverance in investigating problems and processes, firm believer in established methodologies and best practices
- Ability to make decisions under uncertainty when not all requirements are known and to adjust plans as needed: flexible and adaptable
- Ability to respond to urgent outages with clarity and authority
- Ability to teach, train and communicate effectively with others at all levels within the organization
- Excellent analytical thinking and problem-solving skills and verbal and written communication skills: responsive interaction with both internal and external clients
AQR is an Equal Opportunity Employer. EEO/VET/DISABILITY
This position is not eligible to be performed in Colorado
Life at AQR
AQR offers generous benefits: 100% paid Medical, Dental and Vision coverage. Perks include health and wellness allowances, meditation programs, onsite breakfasts and lunches and stocked kitchens with seasonal treats.
Employees participate in a range of connectivity and community building events & experiences the firm offers: Book Clubs, Research Colloquiums, baseball outings, Star Wars premiere, our Food Truck Social and volunteer opportunities.
Learning & Development
QUANTA, the firm's learning and development program, offers both professional and personal growth opportunities through 350+ classes per year.
AQR is an Equal Opportunity Employer.