Deputy CISO at Davidson Kempner Capital Management
Philadelphia, Pennsylvania, United States
Full Time


Start Date

Immediate

Expiry Date

03 Jun, 26

Salary

250000.0

Posted On

06 Mar, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cyber Resilience, Incident Response, Vulnerability Management, Disaster Recovery Governance, Privileged Access Management, Software Development Security, Security Monitoring, Attack Surface Management, Penetration Testing, Secrets Vaulting, Tier Zero Governance, SAST, DAST, Executive Communication, Team Leadership, Risk Management

Industry

Investment Management

Description
About Davidson Kempner

Davidson Kempner Capital Management LP is a global investment management firm. Founded in 1983, Davidson Kempner is headquartered in New York and has offices in Philadelphia, London, Dublin, Hong Kong, Shenzhen, Mumbai and Abu Dhabi. Our Firm invests globally and opportunistically across the capital structure, in a variety of credit and equity strategies as well as real assets. We apply our multi-dimensional, research-driven investment process to evaluate and execute a diverse range of transactions across asset classes, geographies and market cycles. We target complex, global situations where our experience and expertise can unlock value.

We bring together exceptional people from different disciplines and backgrounds who are energized by the challenges of navigating complexity. We look for people who demonstrate exceptional critical thinking skills, innate curiosity, creativity and embrace diverse viewpoints to calibrate their decisions. These differentiators make our people successful beyond a specific job at Davidson Kempner – but throughout their journey with us over many years.

The Role

The Deputy Chief Information Security Officer is the CISO’s operational right-hand and execution leader, responsible for turning security strategy into measurable delivery. This role runs the Cyber Resilience function, ensuring the firm can anticipate, withstand, and recover from cyber events by continuously reducing exposure and maintaining strong incident response and recovery capability.

Reporting line and scope

Reports to the CISO and serves as acting CISO as needed, providing leadership continuity and senior escalation.
Owns the Cyber Resilience portfolio and delivery cadence across vulnerability and risk management, disaster recovery governance, privileged access management, software development security, security monitoring and incident response.

The Person

What you will do as Davidson Kempner’s Deputy CISO

Execute the Cyber Resilience security roadmap.
Own the operating rhythm for Cyber Resilience delivery including prioritization, milestones, dependencies, and removal of blockers across technology teams. Provide clear status, decision points, and risk tradeoffs to the CISO and senior leaders.

Lead security monitoring and incident response outcomes
Oversee security alert triage and investigation workflows, including escalations from MDR and internal security tools. Act as incident commander during significant events, coordinating response, communications, and external support, and driving post incident improvements.

Drive vulnerability and risk management with meaningful prioritization
Own attack surface management and vulnerability reduction across infrastructure and cloud, with prioritization based on exploitability, reachability, and business impact. Plan and coordinate third party penetration testing, ensure clear remediation ownership, and drive closure on high impact findings.

Own disaster recovery governance and validation
Define disaster recovery expectations, backup and retention requirements, and recovery target requirements. Coordinate disaster recovery exercises and validate failover and service recovery readiness with engineering and application owners, including findings publication and remediation tracking.

Own privileged access management modernization
Lead secrets vaulting and rotation, privileged oversight and monitoring, tier zero governance, and just in time elevation to reduce standing privilege. Define privileged identity standards and ensure ongoing review of privileged access.

Embed security into software delivery where it matters most
Provide consultative guidance to application teams on secure patterns. Support application security tooling direction including SAST, DAST, and secrets scanning. Lead or approve architecture and design reviews for externally facing services and materially exposed systems.

Communicate like an exec, measure like an operator
Define and report recurring metrics for vulnerabilities, privileged access controls, incident response performance, and recovery readiness. Translate technical findings into decisions and prioritization that business and technology leadership can act on.

Build and lead the team and partners
Lead internal staff supporting these functions and manage service partners that augment capabilities, including MDR and incident response retainer relationships. Create clear accountability, coaching, and standards for consistent execution.

Candidate Profile

Our most competitive candidates will have:
Senior security leadership experience with accountability for outcomes across major security domains, especially incident response leadership and at least two of: vulnerability management, privileged access management, disaster recovery governance, application security.
Proven ability to run cross functional security programs and drive delivery across engineering and technology teams, often without direct authority.
Strong executive communication skills, including the ability to present risk, options, and recommendations clearly to senior stakeholders.
Demonstrated ability to build and develop high performing teams.

The ideal candidate will demonstrate the following expected skills and behaviors:
Experience in regulated or high assurance environments, including strong governance practices, audit readiness, and documented decision making.
Experience modernizing security operations tooling and processes, including MDR integration and repeatable incident lifecycle improvement.
Experience modernizing privileged access controls including vaulting, rotation, session monitoring, tier zero governance, and just in time elevation.
Certifications such as CISSP, CISM, CRISC, or equivalent experience.

Delivers
Expertly multi tasks without sacrificing a high standard of work product and output
Consistently looks for better solutions versus acceptance of existing processes
Is open to diverse viewpoints, promotes cutting edge thinking and solutions, and encourages adoption of best practices

Connects
Is considered a valued, respectful and inclusive partner to stakeholders
Proactively manages strong internal and external partnerships and identifies opportunities to build and strengthen relationships
Listens to find common ground and tailors the message to articulate what is in it for them

Leads
Exhibits strong work ethic and sets the example for others
Is enthusiastic and optimistic, prioritizes team goals, and seeks opportunities to improve cohesion and celebrate team success
Navigates difficult situations and has hard conversations respectfully

US Base Salary Range
$215,000—$250,000 USD

How To Apply:

In case you would like to apply to this job directly from the source, please click here

Responsibilities
The Deputy CISO acts as the CISO’s operational right-hand, responsible for executing the security strategy and leading the Cyber Resilience function to ensure the firm can anticipate, withstand, and recover from cyber events. This role owns the delivery cadence across vulnerability management, incident response, disaster recovery governance, and privileged access management modernization.