Threat Management Associate Director

Are you ready to make an impact at DTCC? 

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. 

 

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

The Threat Management Associate Director plays a key role in both individual contributions and cross-functional coordination. This role ensures the integrity and effectiveness of DTCC's security monitoring controls by overseeing data quality across multiple sources, identifying coverage gaps, and driving improvements in event processing and control assurance.

Your Primary Responsibilities:

 

• Mitigate risks by identifying, assessing, and documenting security control gaps in monitoring systems.
• Support the control validation process of the Security Monitoring Assurance program.
• Interface with internal and external stakeholders
• Partner with IT teams to remediate risks and issues impacting security monitoring controls.
• Support network security assessments to identify and enhance monitoring control effectiveness.
• Support Cyber Threat Fusion Center (CTFC) initiatives by implementing and enhancing security monitoring controls.
• Reevaluate and redesign processes to proactively manage and reduce risk to DTCC and its participants.
• Contribute to security strategy, program assessments, and control lifecycle activities.
• Assist in designing solutions with actionable metrics and defined risk thresholds.
• Align cybersecurity assessment reporting with stakeholders to strengthen DTCC's security posture.
• Lead end-to-end process analysis and risk mitigation efforts.
• Fulfill additional CTFC responsibilities and special projects as assigned.
• Integrate risk and control processes into daily operations, escalating issues appropriately.
• Build and maintain relationships across organizational levels.
• Develop and present performance and risk metrics tailored for technical and executive audiences.
• Collaborate with cross-functional teams to deliver compliant, high-quality security monitoring solutions.
• Support executive communications on Security Monitoring Assurance program status.
• Maintain and update security policies, control standards, and process documentation.
• Identify gaps in security monitoring controls and coordinate remediation with control owners.

Specific Skills & Technologies

• Proven expertise in SIEM, Network Security, Endpoint Security and security incident management technologies.
• Strong background in cybersecurity design, implementation, and documentation.
• Skilled in project management and technical presentations.
• Knowledgeable in ethical hacking, penetration testing, and vulnerability assessments.
• Familiar with industry-standard security frameworks, policies, and procedures.
• Solid understanding of network and infrastructure protocols (e.g., TCP/IP, HTTP/S, DNS, firewalls, proxies, IDS/IPS).

Qualifications:

• At least 8 years of cyber security experience, preferably in financial services or regulated environments.
• Bachelor's degree in computer science or related field.
• Security certifications (e.g., CEH, CCSP, CISSP, OSCP) are a plus.

Talents Needed for Success:

• Proven Experience with compliance management platforms like Qualys Policy Compliance (PC), HPNA, or similar 
• Knowledge in SIEM, Network Security, Endpoint Security, Rapid7 and security incident management technologies.
• Strong background in cybersecurity design, implementation, and documentation.
• Skilled in project management and technical presentations.
• Proficiency in Python, PowerShell, Bash, or Perl to automate compliance checks, data parsing, and reporting.
• Familiar with industry-standard security frameworks, policies, and procedures.
• Solid understanding of network and infrastructure protocols (e.g., TCP/IP, HTTP/S, DNS, firewalls, proxies, IDS/IPS).
  
   

Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

---