Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry. Job Description
Primary Functions and Essential Responsibilities
- Write policies, standards, procedures, guidelines, and other technical security documents.
- Design technical and administrative enforcement mechanisms for defined security rules.
- Develop and deliver sector specific annual cybersecurity awareness training and manage overall cybersecurity training program, including phishing campaigns and other components of training.
- Contribute to data governance working group initiatives around data security and data privacy.
- Select, design, develop and implement security controls within our internal control catalog.
- Facilitate security control testing and integrate controls into existing processes.
- Maintain inventory of succinct and accurate security program descriptions for answering RFPs/RFIs/DDQs/etc
- Coordinate comprehensive risk assessment within the risk management program and develop/propose risk mitigation strategies
- Conduct security TPRM for Vendors at onboarding, contract review, RFP/RFI, and annual re-assessments while managing the continuous monitoring strategy.
- Maintain GRC Metrics, risk tolerances/triggers.
- Develop automated reports and use data visualization tools to visualize GRC critical metrics.
- Interpret audit request lists and perform evidence collection activities in support of various audits
- Minimize user disruption due to burdensome security controls or duplicative evidence collection
QualificationsEducation:
Bachelor’s degree in Cybersecurity, Engineering, Information Security, Information Technology, Computer Science or other related fields
Experience Required: - 4+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector.
- 3+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector with a Master’s degree.
General Requirements:
- Fundamental understanding and familiarity with global cybersecurity regulatory requirements, and security frameworks (ex. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), International Organization for Standardization (ISO)27001, American Institute of Certified Public Accountants (AICPA) Trust Services Criteria), General Data Protection Regulation (GDPR).
- Strong technical writing skills for policy, standard, and procedure writing/editing.
- Strong strategic process development skills with a tendency toward automation.
- Proven experience conducting cybersecurity risk assessments and compliance audits.
- Familiarity with security controls implementation, monitoring, and improvement.
- Excellent communication skills to collaborate with cross-functional teams and partners.
- Experience using data visualization tools to develop reports.
- Ability to build automated workflows using tracking software such as JIRA
Current Perks and Benefits:Ares provides an extensive array of benefits and programs to support employee’s well-being which includes parental leave, childcare reimbursement, mental health apps and insurance coverage, world-class medical advisory,
Additional perks include travel insurance, meal allowances, flexible benefit plans, reproductive and adoption assistance, education sponsorship program and much more.
To gain deeper insights into our firm’s expertise, business and culture please visit our website and & LinkedIn page.
Ares Management Corporation (NYSE: ARES) is a leading global alternative investment manager offering clients complementary primary and secondary investment solutions across the credit, private equity, real estate and infrastructure asset classes. We seek to provide flexible capital to support businesses and create value for our stakeholders and within our communities. By collaborating across our investment groups, we aim to generate consistent and attractive investment returns throughout market cycles. As of June 30, 2023, Ares Management's global platform had approximately $378 billion of assets under management(1) with more than 2,600 employees operating across North America, Europe, Asia Pacific and the Middle East. For more information, please visit www.aresmgmt.com.
Reporting Relationships
There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.
