VP, Information Security Lead
New York, NY (Hybrid)
About Fortress
Fortress Investment Group LLC is a leading, highly diversified global investment manager with approximately $54 billion of assets under management as of September 30, 2025. Founded in 1998, Fortress manages assets on behalf of over 2,000 institutional clients and private investors worldwide across a range of credit and real estate, private equity, and permanent capital investment strategies. Fortress is headquartered in New York, with offices in Abu Dhabi, Atlanta, Dallas, Greenwich, Hong Kong, London, Los Angeles, Madrid, Menlo Park, New York, Rome, Sydney and Tokyo.
About the Position Summary
Fortress’s Information Technology team seeks a highly motivated and hands-on Vice President, Information Security Lead to join the Information Security team. The Information Security Lead will be responsible for the design, execution, oversight, and remediation of the firm’s cybersecurity framework. This role requires a unique blend of regulatory expertise (DORA, GDPR, CPRA), business resiliency, and application security. You will act as a primary lead for assessing application-level risks, managing the business impact of potential disruptions, and ensuring that our global vendor ecosystem meets stringent security standards.
Responsibilities
• Lead the implementation and maintenance of controls for DORA (Digital Operational Resilience Act), ensuring the firm meets European operational resilience standards.
• Serve as a subject matter expert for GDPR (General Data Protection Regulation) and CPRA (California Privacy Rights Act) compliance, managing data mapping, subject access requests, and privacy impact assessments.
• Execute the security vetting process for new vendors; perform periodic due diligence as needed.
• Conduct deep-dive application security risk assessments for proprietary applications and third-party software.
• Lead the Business Impact Analysis (BIA) process to identify critical business functions and define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
• Partner with Infrastructure teams to design, document, and test disaster recovery plans, ensuring high availability for trading and investment operations.
• Serve as a senior escalation point for security incidents, assisting in containment, eradication, and post-mortem analysis.
• Assist with managing and monitoring the performance of our security operations center. Respond to escalated alerts as needed.
• Develop security metrics and risk posture dashboards for senior leadership.
• Lead and implement various technology projects to improve the security posture of the firm.
Qualifications
• 7–12 years of progressive experience in Information Security, preferably within Financial Services or Alternative Investment Management industries.
• Proven track record of implementing controls associated with DORA, NIST, and other various regulatory frameworks.
• Bachelor’s degree in Computer Science, Cyber Security, Business Administration, or related field.
• Certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor)
• Excel as a self-motivated individual who can work on their own, as well as integrated with the infrastructure engineering and application development teams in joint projects.
• Evaluate situations and respond with solutions quickly in a high-paced and high-pressure environment.
• Build relationships with both IT and business personnel from all levels across the firm.