Consultant - Chief Information Security Officer (Fractional/Contract Role)

Arootah is a rapidly growing advisory and coaching firm specializing in Alternative Investment & Family Office Advisory, Executive & Leadership Coaching, and Talent Acquisition & Development. Founded by Rich Bello, co-founder and COO of Blue Ridge Capital, Arootah leverages deep industry expertise to drive peak performance for executives, teams, and firms across the alternative investments landscape. 

Join Arootah’s Network of Business Advisors serving Arootah’s clients on a project basis in the alternative investment industry, including hedge funds, private equity firms, and family offices. Our mission is to deliver top-tier business advisory services tailored to the multifaceted needs of the alternative investments landscape. As part of the network, you will take on project-based assignments that let you apply your expertise directly to our client initiatives. These consulting roles provide the opportunity to work on varied and impactful projects across the alternative investments industry. 

Our Services Include: 

Advising alternative investment managers with front-to-back office services, including but not limited to operations, business development strategy, due diligence, human resources, and compliance  

Providing fractional expert advisors in key operational areas for emerging and established investment firms 

Offering executive, life, health, and career coaching for individuals 

Delivering talent acquisition and leadership development solutions 

Developing SaaS applications for enterprise and consumer use 

Visit us at https://arootah.com/advisoryfor more information. 

WHO WE NEED: 

Arootah is searching for experienced Chief Financial Officers to consult our client base across the alternative investment landscape.  As a consultant, you will work with our Alternative Asset Firm and Family Office clients to provide expert advice. Having previously served in the role of Chief Information Security Officer you have specific, hands-on experience building, maintaining, and operating the full Cybersecurity Program for leadingAlternative Asset Firms or Family Offices.   

• Provide advice and guidance to Arootah clients who seek help with their Cybersecurity needs. This will involve consulting to some of the leading Alternative Asset Firms and Family Offices in the world and sharing your experience as a Chief Information Security Officer in helping clients to:  
• Serve as strategic cybersecurity advisor to the Principal/Founder, providing expert guidance on information security strategy, risk management, and cyber threat mitigation for alternative asset firms and family offices.  
• Develop and implement comprehensive cybersecurity programs, establishing security policies, procedures, standards, and control frameworks aligned with industry best practices and regulatory requirements (SEC cybersecurity rules, NYDFS, GDPR, etc.).  
• Design enterprise-wide security architecture, assessing technology infrastructure, application security, cloud environments, network security, and data protection to identify vulnerabilities and implement risk mitigation strategies.  
• Establish incident response and business continuity protocols, creating detection and response procedures, breach notification plans, disaster recovery frameworks, and conducting tabletop exercises to ensure preparedness.  
• Build security awareness and training programs, developing onboarding materials, phishing simulations, ongoing education, and compliance training to foster a security-conscious culture across the organization.  
• Conduct comprehensive risk assessments, performing vulnerability testing, penetration testing, security audits, and gap analyses to identify weaknesses and prioritize remediation efforts based on risk severity.  
• Evaluate and manage vendor security, conducting third-party risk assessments for fund administrators, cloud providers, prime brokers, and other service providers to ensure adequate security controls and data protection.  
• Implement security monitoring and threat intelligence, establishing security information and event management (SIEM) systems, intrusion detection, endpoint protection, and continuous monitoring to detect and respond to threats.  
• Develop data governance and privacy frameworks, creating data classification policies, access controls, encryption standards, data loss prevention measures, and ensuring compliance with privacy regulations.  
• Partner with IT and operations teams to integrate security into system implementations, application development, infrastructure changes, and business processes while balancing security requirements with operational efficiency.  
• Advise on security technology and automation, recommending tools for identity and access management, multi-factor authentication, security orchestration, and leveraging AI/machine learning to improve scalability and threat detection.  
• Report to executive leadership and boards on cybersecurity posture, emerging threats, security metrics, incident status, and budget requirements with clear, non-technical communications tailored to business decision-makers.  
• Lead special projects including security assessments, regulatory compliance implementations, security tool selections, cloud migrations, merger integrations, and preparation for regulatory examinations. 

• A Bachelor’s degree in Computer Science, Computer/Electrical Engineering, Information Systems, Information Sciences, or a related field with a strong academic record.  
• MBA or other relevant graduate degree is a plus. Certified Information Systems Security
• Professional (CISSP) or similar (CISA, CISM, etc.) is a plus.  
• 7+ years of relevant experience at a hedge fund, family office, or financial institution serving as a Chief Information Security Officer.   
• 5 or more years of IT implementation experience.  
• Experience in cloud only, cloud first infrastructure, and deploying cloud information security solutions.  
• Firm understanding and ability to implement zero-trust security. Firm understanding and experience with Software Defined Networking and Cloud Networking.  
• Firm understanding of single sign-on and multi-factor authentication platforms.  
• Experience driving discussions with senior personnel regarding trade-offs, best practices, project management, and risk mitigation.  
• Firm understanding of work from anywhere models.  
• Experience with IT compliance and risk management requirements.   

• Contractor
• Hours are based on the needs of the assigned client (0-40 hours per week). 

Join a well-funded disruptor in finance and technology.

Enjoy the flexibility of remote work and choosing your assignments.

Be part of a dynamic, high-energy company in its expansion stage. Now is the time to join!

For more information, visit us at Arootah.com.