Vice President, Information Technology (Cybersecurity)

New York, NY
Full Time
Information Technology
Experienced
Company Information

Waterfall Asset Management, LLC is an SEC-registered alternative investment manager focused on specialty finance opportunities within asset-backed credit, whole loans, real assets, and private equity. Waterfall was founded in 2005 by Tom Capasse and Jack Ross, two individuals who were early leaders of the ABS industry, and who together have over 60 years of proven ABS/Loan credit analysis, trading, banking, and servicing experience. Waterfall seeks to provide its clients a compelling risk/return profile which is generally uncorrelated to most traditional investment opportunities. Waterfall is headquartered in New York, with additional offices in London and Dublin. As of December 31, 2025, Waterfall had approximately $12.4 billion in assets under management.

Job Description

Waterfall is seeking a Vice President of Cybersecurity to join its Information Technology team. This is a broad and hands-on role sitting at the intersection of cybersecurity, infrastructure operations, and business resilience within a fast-moving investment environment. The successful candidate will own the firm's security program — protecting sensitive investment data, proprietary analytics, and confidential investor and counterparty information — while contributing meaningfully to day-to-day security operations in close collaboration with the larger team.

Specific job responsibilities include:

Cybersecurity Program Ownership
  • Own and mature the firm's cybersecurity program, conducting continuous gap analysis and driving improvements to the overall security posture across a multi-jurisdictional investment management environment
  • Assess and harden the firm's infrastructure stack — spanning cloud platforms, connectivity with external vendors, and investor portals — from a security perspective
  • Coordinate with the firm's Managed Security Service Provider (MSSP) to ensure comprehensive monitoring across endpoint, cloud, and identity surfaces, including coverage for remote and international office users
  • Serve as first responder for threat detection alerts and security escalations, conducting log analysis and triage across SIEM, EDR, and other security tooling — with sensitivity to events involving investment data, trade information, or investor communications
  • Oversee vulnerability management lifecycle: scanning cadence, prioritization, patching coordination, and exception tracking across devices, servers, and third-party connected systems
  • Manage the phishing simulation program, security awareness training, and onboarding training for new hires — tailoring content to reflect threats relevant to the financial services sector
  • Evaluate and recommend new security tooling, building a business case for investment and communicating risk trade-offs to senior leadership
AI Security & Emerging Threats
  • Partner with investment, technology, and operations teams to assess AI and machine learning initiatives — including use of large language models, co-pilot tools, and data analytics platforms — ensuring appropriate data security, access controls, and governance frameworks are in place
  • Evaluate risks associated with AI tools accessing or processing sensitive investment data, credit models, LP information, or proprietary research, and establish guardrails and usage policies
  • Monitor the evolving threat landscape — including financially motivated cybercrime, nation-state activity targeting financial institutions, and supply chain risks — and proactively recommend enhancements to the firm's defenses
  • Contribute to SecDevOps practices in collaboration with the application development and portfolio analytics teams, embedding security into the development of tools and pipelines
Governance, Risk & Compliance
  • Maintain and update the firm's cybersecurity policy framework in collaboration with Legal & Compliance, ensuring alignment with regulatory cybersecurity rules
  • Coordinate BCP/DR tabletop exercises and failover testing with stakeholders across investment, operations, finance, and legal teams
  • Conduct quarterly internal cybersecurity audits including access control reviews, privileged access assessments, and third-party connectivity reviews — and serve as primary point of contact for external audits, regulatory examinations, and investor due diligence questionnaires (DDQs) relating to technology and security
  • Support R&D efforts related to security frameworks and contribute to the firm's ongoing assessment against these benchmarks
  • Maintain accurate, up-to-date documentation of systems, configurations, procedures, and incident response playbooks, ensuring readiness for regulatory review at short notice
Qualifications and Education Requirements
  • Bachelor’s degree in information technology, computer science, cybersecurity, or related field
  • 7–10 years of progressive experience in information technology with a meaningful focus on cybersecurity, infrastructure security, or a combined security and operations role
  • Demonstrated experience owning or materially contributing to a security program in a financial services, asset management, or similarly regulated environment
  • Hands-on experience with EDR, SIEM, DLP, vulnerability management tools, and IAM platforms
  • Working knowledge of cybersecurity regulations and a solid grasp of GRC frameworks
  • Understanding of data classification and information barriers relevant to an investment management context, including handling of MNPI and investor confidential information
  • Strong interpersonal and communication skills — able to engage credibly with senior investment and business professionals, and to translate technical risk clearly for non-technical audiences
  • Self-directed and highly organized, with the ability to manage competing priorities and operate effectively with minimal oversight in a demanding environment
  • Experience with cloud security (AWS, Azure, or GCP), including securing cloud-hosted financial data and enforcing access governance in hybrid environments
  • Familiarity with investor DDQ processes and the ability to respond competently to LP and auditor questions on technology risk and security controls
  • Exposure to SecDevOps practices and collaboration with internal application development or data engineering teams
  • Relevant certifications such as CISSP, CISM, CISA, CompTIA Security+, or equivalent
  • Ability to step in and support general help desk when needed