Deputy CISO
About Davidson Kempner
Davidson Kempner Capital Management LP is a global investment management firm. Founded in 1983, Davidson Kempner is headquartered in New York and has offices in Philadelphia, London, Dublin, Hong Kong, Shenzhen, Mumbai and Abu Dhabi. Our Firm invests globally and opportunistically across the capital structure, in a variety of credit and equity strategies as well as real assets. We apply our multi-dimensional, research-driven investment process to evaluate and execute a diverse range of transactions across asset classes, geographies and market cycles. We target complex, global situations where our experience and expertise can unlock value.
We bring together exceptional people from different disciplines and backgrounds who are energized by the challenges of navigating complexity. We look for people who demonstrate exceptional critical thinking skills, innate curiosity and creativity, and who embrace diverse viewpoints to calibrate their decisions. These differentiators make our people successful not only in a specific job at Davidson Kempner, but throughout their journey with us over many years.
The Role
The Deputy Chief Information Security Officer is the CISO’s operational right-hand and execution leader, responsible for turning security strategy into measurable delivery. This role runs the Cyber Resilience function, ensuring the firm can anticipate, withstand, and recover from cyber events by continuously reducing exposure and maintaining strong incident response and recovery capability.
Reporting line and scope
Reports to the CISO and serves as acting CISO as needed, providing leadership continuity and senior escalation. Owns the Cyber Resilience portfolio and delivery cadence across vulnerability and risk management, disaster recovery governance, privileged access management, software development security, security monitoring and incident response.
The Person
What you will do as Davidson Kempner’s Deputy CISO
- Execute the Cyber Resilience security roadmap
  - Own the operating rhythm for Cyber Resilience delivery including prioritization, milestones, dependencies, and removal of blockers across technology teams. Provide clear status, decision points, and risk tradeoffs to the CISO and senior leaders.
- Lead security monitoring and incident response outcomes
  - Oversee security alert triage and investigation workflows, including escalations from MDR and internal security tools. Act as incident commander during significant events, coordinating response, communications, and external support, and driving post-incident improvements.
- Drive vulnerability and risk management with meaningful prioritization
  - Own attack surface management and vulnerability reduction across infrastructure and cloud, with prioritization based on exploitability, reachability, and business impact. Plan and coordinate third-party penetration testing, ensure clear remediation ownership, and drive closure on high-impact findings.
- Own disaster recovery governance and validation
  - Define disaster recovery expectations, backup and retention requirements, and recovery target requirements. Coordinate disaster recovery exercises and validate failover and service recovery readiness with engineering and application owners, including findings publication and remediation tracking.
- Own privileged access management modernization
  - Lead secrets vaulting and rotation, privileged oversight and monitoring, tier zero governance, and just-in-time elevation to reduce standing privilege. Define privileged identity standards and ensure ongoing review of privileged access.
- Embed security into software delivery where it matters most
  - Provide consultative guidance to application teams on secure patterns. Support application security tooling direction including SAST, DAST, and secrets scanning. Lead or approve architecture and design reviews for externally facing services and materially exposed systems.
- Communicate like an exec, measure like an operator
  - Define and report recurring metrics for vulnerabilities, privileged access controls, incident response performance, and recovery readiness. Translate technical findings into decisions and prioritization that business and technology leadership can act on.
- Build and lead the team and partners
  - Lead internal staff supporting these functions and manage service partners that augment capabilities, including MDR and incident response retainer relationships. Create clear accountability, coaching, and standards for consistent execution.
Candidate Profile
Our most competitive candidates will have:
- Senior security leadership experience with accountability for outcomes across major security domains, especially incident response leadership and at least two of: vulnerability management, privileged access management, disaster recovery governance, application security.
- Proven ability to run cross-functional security programs and drive delivery across engineering and technology teams, often without direct authority.
- Strong executive communication skills, including the ability to present risk, options, and recommendations clearly to senior stakeholders.
- Demonstrated ability to build and develop high-performing teams.
The ideal candidate will demonstrate the following expected skills and behaviors:
- Experience in regulated or high-assurance environments, including strong governance practices, audit readiness, and documented decision making.
- Experience modernizing security operations tooling and processes, including MDR integration and repeatable incident lifecycle improvement.
- Experience modernizing privileged access controls including vaulting, rotation, session monitoring, tier zero governance, and just-in-time elevation.
- Certifications such as CISSP, CISM, CRISC, or equivalent experience.
Delivers
- Expertly multitasks without sacrificing a high standard of work product and output
- Consistently looks for better solutions versus acceptance of existing processes
- Is open to diverse viewpoints, promotes cutting edge thinking and solutions, and encourages adoption of best practices
Connects
- Is considered a valued, respectful and inclusive partner to stakeholders
- Proactively manages strong internal and external partnerships and identifies opportunities to build and strengthen relationships
- Listens to find common ground and tailors the message to articulate what is in it for them
Leads
- Exhibits strong work ethic and sets the example for others
- Is enthusiastic and optimistic, prioritizes team goals, and seeks opportunities to improve cohesion and celebrate team success
- Navigates difficult situations and has hard conversations respectfully
US Base Salary Range
$215,000 - $250,000 USD