AVP/ Manager, Cybersecurity Governance, Risk and Compliance
Ares
12 - 14 years
Mumbai
Posted: 19/07/2025
Job Description
Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.
Summary:
We are seeking a motivated and experienced Cybersecurity Governance, Risk, and Compliance (GRC) professional to join our global Cybersecurity team. This Associate Vice President (AVP) will support the execution and continuous improvement of our Technology Risk Management and IT Third-Party Risk Management programs. The ideal candidate will bring a strong understanding of cybersecurity risk principles, vendor risk practices, and GRC frameworks, and will work closely with internal stakeholders and external partners (including a PwC loan staff resource) to ensure effective risk identification, assessment, and mitigation.
You will be part of a talented and collaborative team of Cybersecurity professionals who demonstrate strong technical and strategic capabilities. This is an opportunity to contribute to high-impact Cybersecurity and Technology Risk Management efforts by helping identify gaps in our risk posture and supporting the implementation of effective controls. If you are looking to be part of a dynamic team that continuously challenges itself, is committed to learning and improving, and is passionate about cybersecurity, then this could be the right opportunity for you!
Primary functions & responsibilities:
- Support the execution of the Technology and Cyber Risk Management Program, including risk assessments, issue tracking, and remediation follow-up.
- Assist in the review and analysis of IT vendor assurance artifacts (e.g., SOC reports, penetration test results) and maintain an up-to-date vendor inventory.
- Coordinate with third-party vendors and internal stakeholder groups (e.g., Legal, Procurement, Compliance, IT) to review and assess the cybersecurity risk posture of third parties.
- Facilitate cross-functional collaboration to ensure timely completion of vendor assessments and risk mitigation activities.
- Contribute to the maturity of the IT Third-Party Risk Management program by identifying process improvement opportunities and supporting the development of internal playbooks and procedures.
- Maintain and update GRC documentation, including risk registers, dashboards, and executive summaries.
- Document work products in GRC systems (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
- Support IT Risk & Audit activities, including the Quarterly Access Review (QAR), by working cross-functionally with IT Risk, Audit Support, and Internal Audit teams to ensure successful execution of the control across IT and business units.
- Participate in governance meetings and provide regular updates on assigned workstreams and deliverables.
- Communicate effectively with diverse audiences, including the ability to explain complex risk topics clearly and contribute to improving team communication practices.
- Take initiative in identifying risks, proposing practical solutions, and following through on tasks with appropriate guidance.
- Remain adaptable in a dynamic environment, working collaboratively across teams to simplify challenges and support program goals.
- Build strong working relationships with internal and external stakeholders, supporting alignment and trust across business units.
Qualifications:
Education:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
Experience Required:
- 8–12 years of experience in Cybersecurity, IT Risk Management, GRC, or related fields, preferably in the financial services or technology sector.
General Requirements:
- Strong knowledge and practical experience in IT Third-Party Risk Management, including vendor risk assessment methodologies, assurance artifact evaluation, and cross-functional coordination.
- Familiarity with cybersecurity frameworks and standards such as NIST CSF, ISO 27001, AICPA Trust Services Criteria, and GDPR.
- Experience with risk management methodologies (e.g., ISO 31000, COSO ERM).
- Proficiency in GRC platforms (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
- Proficiency in Microsoft Office tools (Word, Excel, PowerPoint, Outlook) for reporting, analysis, and communication.
- Strong analytical, technical writing, and documentation skills.
- Ability to work independently and collaboratively in a hybrid work environment.
- Excellent interpersonal skills, with a demonstrated ability to influence, mentor, and collaborate across team
Reporting Relationships
There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.
About Company
Ares Management Corporation is a leading global alternative investment manager offering investment solutions across credit, private equity, real estate, and infrastructure. Founded in 1997 and headquartered in Los Angeles, Ares operates with a global presence across North America, Europe, Asia, and Australia. The firm manages over $400 billion in assets and is known for its flexible capital approach, long-term value creation, and deep industry expertise. Ares serves a diverse group of institutional and retail investors, providing access to differentiated and risk-adjusted investment opportunities across market cycles.