Chief Information Security Officer
Position Summary
The Chief Information Security Officer is a senior executive responsible for designing, implementing, and operating enterprise-wide information security, cybersecurity, AI governance and resilience programs commensurate with a highly complex, global family office and investment functions.
Day-to-day Responsibilities
Own the enterprise information security & cybersecurity strategy across Dalio Family Office entities, including offices and personnel operating in the US, Singapore and Abu Dhabi.
Design and operate information security controls aligned with financial-sector expectations for confidentiality, integrity, availability, and market integrity.
Provide oversight and assurance for systems supporting trading, portfolio management, research, treasury, and middle/back-office functions.
Advise senior leadership and principals on cybersecurity, operational risk, monitoring and systemic risk exposures relevant to investment activities.
Trade Execution Pipeline Security: Lead security architecture and control design for the DFO trade execution pipeline, including integration with OMS, prime brokerage, custodians, and middle/back-office platforms.
Partner closely with Trading, Investment Engineering, Finance, Data Protection Officer and Compliance to align security with regulatory, audit, and operational requirements.
Establish controls for privileged access, segregation of duties, data lineage, logging, monitoring, and incident response in trading workflows.
SDLC, CI/CD & Engineering Security: Own application security and DevSecOps strategy across cloud and on-prem environments. Embed security & AI controls into SDLC and CI/CD pipelines, including code scanning, dependency management, secrets management, environment isolation, and release governance.
Partner with Engineering leaders to balance delivery velocity with robust security outcomes.
Oversee vulnerability management, penetration testing, and remediation programs aligned to business risk.
AI Governance, Risk & Security: Establish and lead AI governance frameworks covering internal and third-party AI systems. Assess and manage AI-related risks including data leakage, model misuse, IP exposure, bias, explainability, and regulatory compliance. Partner with Legal, Compliance, and Risk to ensure AI controls are defensible, auditable, and aligned with emerging regulations and industry standards.
Cyber, Insider & Third-Party Risk Management: Own enterprise cyber risk management and third-party risk due diligence & oversight in close coordination with the procurement team. Manage and govern all critical security vendors, including MDR, MSSPs, and other managed security providers. Ensure continuous security monitoring and incident response coverage across all Dalio Family Office entities and global locations, including the U.S., Singapore, and Abu Dhabi. Approve risk acceptances, compensating controls, and exceptions through documented, defensible processes. Oversee security operations, monitoring, detection, and incident response across global environments. Act as incident commander for significant cyber domain events, including escalation to senior leadership.
Governance, Audit & Regulatory Readiness: Ensure security program alignment with financial industry best practices (ISO 27001, NIST, SOC 2, hedge fund / family office expectations). Support internal and external audits, examinations, and due diligence requests. Develop and maintain security policies, standards, playbooks, and executive reporting. Provide clear, concise, and decision-grade reporting to senior leaders and trustees.
Leadership & Organizational Development: Build, lead, and mentor a high-performing global information & cybersecurity security team. Foster a culture of risk awareness, accountability, and security-by-design across the organization.
Qualifications
- No less than 15 years of progressive experience in cybersecurity, information security, or technology risk as well as ISO 27001 and SOC2.
- At least 5 years operating as a senior security leader within the financial sector or relevant adjacent sector (e.g., hedge funds, private investment firms, banks, fintech, or asset managers).
- Demonstrated recent experience securing trade execution, market-facing systems, or highly sensitive financial platforms.
- Deep understanding of SDLC, CI/CD pipelines, cloud-native architectures, and modern engineering practices.
- Proven experience designing and operating AI governance, risk, and security programs.
- Strong executive communication skills with experience advising principals, boards, or senior leadership.
- Bachelor’s degree in information security, Computer Science, Engineering, or related field required.