Head of Cyber Security & Technology Risk Management (Information Technology) - Vice President

Job Locations: US-NY-New York
ID: 2025-1271
Category: Information Technology/Risk
Type: Regular Full-Time

Overview

Marathon is a leading global asset manager specializing in public and private credit with approximately $23 billion in assets under management. Marathon is recognized as a distinguished leader with 26.2+ years of exceptional performance and partnership. Marathon’s integrated global credit platform is driven by our specialized, highly experienced, and disciplined teams across Private Credit (Direct Lending, Asset Based Lending and Opportunistic Credit) and Public Credit (High Yield, Leveraged Loans & CLOs, Emerging Markets, and Structured Credit).

 

We are seeking an accomplished and hands-on Cyber Security leader to serve as Head of the Cyber Security and Technology Risk Management function in the IT department:

Responsibilities

  • Reporting to the CTO, the Head of Cyber Security & Technology Risk Management strategizes and oversees the design, implementation, operational maintenance, and advancement of the firm-wide cyber security program, processes, products, and solutions.
  • Leads the allocated resources, Managed Service Providers and external solution partners in the Cyber Security function, guiding strategic enhancements and technical execution to maintain operational stability, improve cyber defense posture and manage the firm-level cyber risk at the desired levels.
  • Be part of a diverse, cross-functional team that collaborates globally across the firm with a variety of internal functions from service desk to system architects, developers, infrastructure engineers, business stakeholders and Compliance, to measure, assess, and manage the cyber risks and threats relevant to the firm’s operations, data, and business continuity.
  • This role requires a hands-on leader who can both develop and manage a comprehensive cybersecurity and technology risk management program and has direct experience building security infrastructure.
  • Preference for a candidate who has deep experience in the Microsoft Azure Cloud solutions and the Office 365 stack.
  • Own, develop, implement, and maintain the IT Risk Management / cybersecurity program (strategies, policies, and controls) throughout the firm to ensure the security of the firm’s digital assets including systems and data.
  • Lead, mentor, and manage a team of external resources to deliver the strategic and operational goals of the cybersecurity program.
  • Oversee vulnerability assessments, penetration testing, incident triage, and forensic analysis, ensuring robust threat detection and effective incident response.
  • Drive the technical execution of security projects across the entire lifecycle, including roadmap planning, KPI monitoring, and program delivery.
  • Communicate security posture, risks, and incidents clearly to technical and non-technical stakeholders.
  • Collaborate with Compliance, Legal, IT, and various business teams on risk governance, control selection, and the integration of security with organizational objectives.
  • Demonstrate SME-level knowledge and stay current with emerging threats, industry trends, frameworks (e.g., NIST, ISO 27001), and best practices, adapting the team’s approach as needed.
  • Manage security operations (e.g., SOC) and oversee the configuration, performance, and maturity of monitoring platforms, security tools, and operational procedures.
  • Conduct or participate in the budget planning, vendor negotiations, and third-party security reviews, aligning spend and contract requirements with security risk reduction goals.
  • Manage the cybersecurity awareness program and constantly work on new ways of improving employee awareness based on current and emerging threats.
  • Perform periodic technology risk assessments and present findings to the senior leadership. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the cyber security program.
  • Update the incident response plan and corresponding playbooks as appropriate. Lead incident response tabletop exercises by partnering with all the required stakeholders.

Qualifications

  • At least 10 years of proven experience leading cross-functional cybersecurity teams and delivering security strategies and programs at scale.
  • Advanced understanding of cybersecurity frameworks (e.g., CIS, NIST, ISO and others), regulatory guidelines, and technical security standards.
  • Demonstrated ability to communicate, influence, and build consensus with senior leadership and peers.
  • Expertise in incident response, threat intelligence, vulnerability management, network and endpoint security, and security architecture.
  • Excellent analytical, problem-solving, and decision-making skills with a proactive, results-oriented approach.
  • Strong financial acumen in managing budgets, negotiating contracts, and measuring risk reduction ROI.
  • Experience with security tools (e.g., SIEM, IDS/IPS, firewalls), scripting and automation (Python, PowerShell), and cloud security platforms is highly desirable.
  • Track record of building and developing a strong security culture and facilitating employee training and awareness programs.
  • Candidates with the following experiences would be preferred:
    • Professional security management certification such as CISSP, CCSP, CRISC, CASP+, CISM, and/or CISA
    • Hands-on experience in cloud infrastructure security with Microsoft Azure and O365
    • Financial industry experience, especially in the Asset Management sector
    • Hybrid infrastructure experience

 

The average salary for this role is $150,000 - $200,000 in base pay and is exclusive of any bonuses and benefits, which are also part of the compensation package. The base pay offered will be determined based on your experience, skills, training, certifications and education; in addition, we will also consider internal equity and market data. We do not anticipate that candidates hired will begin at the top of the range; however, from time to time, it may occur on a case-by-case basis.

 

Equal Opportunity Employer M/F/D/V

No agencies, please.
