Information Security Manager

About AQR Capital Management

AQR is a global investment management firm built at the intersection of financial theory and practical application. We strive to deliver superior, long-term results for our clients by seeking to filter out market noise to identify and isolate what matters most, and by developing ideas that stand up to rigorous testing. Underpinning this philosophy is an unrelenting commitment to excellence in technology — powering our insights and analysis. This unique combination has made us leaders in alternative and traditional strategies since 1998.

AQR takes a systematic, research-driven approach, applying quantitative tools to process fundamental information and manage risk. Our clients include institutional investors, such as pension funds, insurance companies, endowments, foundations and sovereign wealth funds, as well as financial advisors.

Your Role

The Information Security Manager will manage a team of subject matter security experts to design, build and operate the information security infrastructure for both cloud and on-premises environments. This information security infrastructure provides first-line controls in a defense-in-depth approach to advanced security technologies, processes, and procedures to protect the firm’s business practices and assets.

You will:

• Execute on a multi-year information security technical roadmap to enable a cloud-centric technology platform to support cutting-edge financial innovation
• Manage and coach experienced security team to deliver the team’s initiatives from both a security engineering and operations standpoint
• Manage day-to-day team operations to monitor, troubleshoot, and ensure optimum performance of information security infrastructure

What You’ll Bring:

• Bachelor’s degree in computer science or computer engineering; Master’s degree preferred
• Experience (15+ years) in managing complex, highly technical security infrastructure environments, preferably in Financial Services, e.g., banking, asset management, etc.
• Experience (2+ years) in designing, implementing, and managing large-scale cloud security engineering projects in Amazon Web Services (AWS)
• Demonstratable administrative management experience of a group of security engineers
• Able to oversee daily operational processes for information security and adhere to change control
• Able to respond to urgent operational issues and production outages with clarity
• Effectively communicate best practices and standards for the implementation of security technologies in both cloud and on-premises environments
• Encourage a firm-wide culture of security awareness and evangelize security best practices and principles with engineering teams
• Be team-oriented, with a collaborative work mindset with internal clients and stakeholders

Security Technology Expertise:

• Prior hands-on experience in implementing and maintaining enterprise-grade workloads in the cloud
• Extensive knowledge in Infrastructure of Code (IaC), DevOps and CI/CD pipeline management
• Extensive knowledge of full-stack development and proficient in Python, YAML, JSON, Cloud Formation
• Experience in developing in-depth security design patterns in all aspects of the Cloud including the server, application, network, and data layers
• Knowledgeable with the configuration and patterns of security controls and secure migration of enterprise applications to a public cloud provider
• Familiarity with a range of security technologies: network security (e.g., firewalls, intrusion detection and prevention systems (IDS/IPS), proxy infrastructure), data protection, and endpoint security
• Understanding of security analytics and SIEM tools for advanced continuous monitoring
• Understanding of application security and penetration testing best practices
• Earned Cloud Architecture and/or Cloud Security Certifications for AWS