OnePoint BFG Wealth Partners
Director of Information Technology (Parsippany)
OnePoint BFG Wealth Partners, Parsippany, New Jersey, United States, 07054
Director of IT & Security / Chief Information Security Officer (CISO)
Job Description
Overview
The Director of IT & Security / Chief Information Security Officer (CISO) is responsible for overseeing the firms technology operations, cybersecurity strategy, and risk management program. This role provides leadership across IT infrastructure, security architecture, identity management, vendor governance, and incident response. The Director/CISO works closely with the CTO and senior leadership to maintain a secure, compliant, and resilient environment that supports advisor productivity and protects client data.
Key Responsibilities Cybersecurity Leadership (CISO Responsibilities) Lead the firms cybersecurity strategy, security architecture, and governance program. Own and mature the
Incident Response Plan (IRP) , including tabletop exercises, documentation, and real-time incident leadership. Maintain and enhance the
Business Continuity Plan (BCP)
and disaster recovery processes. Oversee vulnerability management, security monitoring, and threat response in coordination with SOC and MSP partners. Administer and optimize Microsoft security controls including
Purview, Defender, DLP, labeling, retention, and data governance . Ensure alignment with industry frameworks and regulatory expectations (NIST CSF, CIS, SEC/FINRA). Regularly brief senior leadership on cyber risks, posture, and remediation activities. Identity & Access Management Serve as primary owner for
Entra ID
and
Okta , including MFA, SSO, identity lifecycle, and access governance. Enforce least-privilege access, conditional access policies, privileged access management, and entitlement reviews. IT Operations & Infrastructure Lead daily IT operations including endpoints, cloud systems, and network environments. Manage Microsoft 365 administration across
Exchange Online, Intune, Entra, Purview, and Copilot readiness . Oversee network reliability and troubleshoot complex issues involving routing, DNS, certificates, encryption, proxies, and VPN technologies. Direct device provisioning, patch management, configuration baselines, and system hardening across the environment. Vendor Management & Due Diligence Own the firms
vendor due diligence program , including security reviews, documentation management, and risk scoring. Oversee vendor renewals, SLAs, and performance monitoring for MSPs, cloud services, cybersecurity partners, and critical system providers. Governance, Compliance, and Audit Support Develop and maintain IT and security policies, standards, and procedures. Partner with Compliance and Legal on regulatory requirements, cybersecurity questionnaires, and client or regulator due diligence. Provide evidence, reporting, and remediation support for audits and assessments. Strategic Planning & Leadership Partner with the CTO to define and execute the multi-year IT and security roadmap. Evaluate emerging technologies and determine firm readiness (AI, Copilot, automation, endpoint strategy). Lead, mentor, and develop IT team members; establish processes, SLAs, and escalation paths. Promote a security-first culture through communication, training, and consistent enforcement of best practices.
Qualifications 812+ years of progressive experience in IT infrastructure and cybersecurity, including leadership experience. Expert-level knowledge of: Microsoft 365
administration (Entra ID, Intune, Purview, Exchange Online, Defender, Copilot ecosystem) Okta
administration and identity lifecycle management Networking fundamentals and troubleshooting
(DNS, certificates, encryption, routing, VPN, firewalls) Security governance and frameworks
(NIST, CIS, ISO27001) Hands-on experience managing IRP, BCP/DR programs, and incident handling. Strong vendor management and due diligence experience. Understanding of compliance requirements in regulated industries (finance preferred). Experience working with or administering
VDI environments
(Azure Virtual Desktop, Citrix, VMware Horizon, or similar). Excellent communication, documentation, and leadership skills. Required/Preferred Certifications CISSP
strongly preferred Microsoft Advanced Administrator Certification
(or equivalent senior Microsoft 365 admin credential) Okta Certified Administrator or Okta Certified Professional Why Join Us Partner directly with the CTO
to shape and elevate the firms IT and cybersecurity strategy, influencing decisions that protect and enable the entire organization. Lead with both execution and innovation
drive critical IT and security initiatives while exploring new technologies that strengthen resilience and improve advisor productivity. Join a collaborative, high-performing technology team
that values ownership, accountability, and continuous improvement in a fast-growing, client-centric environment.
Key Responsibilities Cybersecurity Leadership (CISO Responsibilities) Lead the firms cybersecurity strategy, security architecture, and governance program. Own and mature the
Incident Response Plan (IRP) , including tabletop exercises, documentation, and real-time incident leadership. Maintain and enhance the
Business Continuity Plan (BCP)
and disaster recovery processes. Oversee vulnerability management, security monitoring, and threat response in coordination with SOC and MSP partners. Administer and optimize Microsoft security controls including
Purview, Defender, DLP, labeling, retention, and data governance . Ensure alignment with industry frameworks and regulatory expectations (NIST CSF, CIS, SEC/FINRA). Regularly brief senior leadership on cyber risks, posture, and remediation activities. Identity & Access Management Serve as primary owner for
Entra ID
and
Okta , including MFA, SSO, identity lifecycle, and access governance. Enforce least-privilege access, conditional access policies, privileged access management, and entitlement reviews. IT Operations & Infrastructure Lead daily IT operations including endpoints, cloud systems, and network environments. Manage Microsoft 365 administration across
Exchange Online, Intune, Entra, Purview, and Copilot readiness . Oversee network reliability and troubleshoot complex issues involving routing, DNS, certificates, encryption, proxies, and VPN technologies. Direct device provisioning, patch management, configuration baselines, and system hardening across the environment. Vendor Management & Due Diligence Own the firms
vendor due diligence program , including security reviews, documentation management, and risk scoring. Oversee vendor renewals, SLAs, and performance monitoring for MSPs, cloud services, cybersecurity partners, and critical system providers. Governance, Compliance, and Audit Support Develop and maintain IT and security policies, standards, and procedures. Partner with Compliance and Legal on regulatory requirements, cybersecurity questionnaires, and client or regulator due diligence. Provide evidence, reporting, and remediation support for audits and assessments. Strategic Planning & Leadership Partner with the CTO to define and execute the multi-year IT and security roadmap. Evaluate emerging technologies and determine firm readiness (AI, Copilot, automation, endpoint strategy). Lead, mentor, and develop IT team members; establish processes, SLAs, and escalation paths. Promote a security-first culture through communication, training, and consistent enforcement of best practices.
Qualifications 812+ years of progressive experience in IT infrastructure and cybersecurity, including leadership experience. Expert-level knowledge of: Microsoft 365
administration (Entra ID, Intune, Purview, Exchange Online, Defender, Copilot ecosystem) Okta
administration and identity lifecycle management Networking fundamentals and troubleshooting
(DNS, certificates, encryption, routing, VPN, firewalls) Security governance and frameworks
(NIST, CIS, ISO27001) Hands-on experience managing IRP, BCP/DR programs, and incident handling. Strong vendor management and due diligence experience. Understanding of compliance requirements in regulated industries (finance preferred). Experience working with or administering
VDI environments
(Azure Virtual Desktop, Citrix, VMware Horizon, or similar). Excellent communication, documentation, and leadership skills. Required/Preferred Certifications CISSP
strongly preferred Microsoft Advanced Administrator Certification
(or equivalent senior Microsoft 365 admin credential) Okta Certified Administrator or Okta Certified Professional Why Join Us Partner directly with the CTO
to shape and elevate the firms IT and cybersecurity strategy, influencing decisions that protect and enable the entire organization. Lead with both execution and innovation
drive critical IT and security initiatives while exploring new technologies that strengthen resilience and improve advisor productivity. Join a collaborative, high-performing technology team
that values ownership, accountability, and continuous improvement in a fast-growing, client-centric environment.