Director, Technology Risk & Controls

Job Description Summary

For over forty years, Harbour Vest has been home to a committed team of professionals with an entrepreneurial spirit and a desire to deliver impactful solutions to our clients and investing partners. As our global firm grows, we continue to add individuals who seek a collaborative, open-door culture that values diversity and innovative thinking.

In our collegial environment that’s marked by low turnover and high energy, you’ll be inspired to grow and thrive. Here, you will be encouraged to build on your strengths and acquire new skills and experiences.

We are committed to fostering an environment of inclusion that promotes mutual respect among all employees. Understanding and valuing these differences optimizes the potential of both the individual and the firm.

Harbour Vest is an equal opportunity employer.

This position will be a hybrid work arrangement. You will receive 18 remote workdays per quarter to use at your discretion, subject to manager approval. For example, you may choose to work in the office 4 days per week and take one remote day weekly (typically 13 weeks per quarter), leaving 5 additional remote days to be used as needed.

We are seeking a Director, Technology Risk And Controls to own the firm’s IT control environment and handle the technology scope of our SOC 1 certification. This role is responsible for modernizing IT controls to align with cloud-first infrastructure, SaaS platforms, Dev Ops practices, and evidence collection supported by automated processes.

In addition to SOC 1 ownership, this leader will play a key role in strengthening cybersecurity governance, policy management, risk assessments, and board-level reporting. The Director will work closely with IT, Information Security, Accounting, Legal, Compliance, Vendor Management, Enterprise Risk, and external auditors to ensure the technology and cybersecurity control framework remains effective, scalable, modern and aligned with evolving global regulatory and threat landscapes.

• Oversee the IT portion of the SOC 1 program, including ITGCs, automated controls, key reports, and system boundaries.

• Serve as the primary liaison with external auditors for all technology-related SOC 1 matters.

• Lead annual prioritisation, risk assessments, walkthroughs, testing coordination, and remediation tracking.

• Redesign IT controls to reflect modern tooling, cloud infrastructure, SaaS platforms, and automation.

• Implement scalable, automated approaches to auditor evidence collection and continuous control monitoring.

• Improve and maintain IT guidelines, criteria, and protocols to ensure compliance with industry regulations and standards.

• Embed automation and system-generated evidence into control processes to reduce manual audit burden.

• Develop dashboards and reporting to provide insight into control performance and deficiencies.

• Drive continuous improvement of the organization’s IT risk and control framework.

• Expertise in the various common cyber security frameworks (ISO
  27001, NIST CSF & 800-53 etc.).

• Lead regular cybersecurity risk assessments and control reviews to identify emerging threats and vulnerabilities.

• Partner with Security Operations to evaluate findings and help develop practical mitigation strategies.

• Lead all aspects of and report efficiency of the cybersecurity program using defined targets and metrics.

• Stay ahead of evolving cybersecurity threats, regulatory expectations, and industry standards, and support implementation of vital updates.

• Assist the CISO in preparing quarterly cybersecurity and technology risk updates for the Board of Directors.

• Develop clear, executive-ready reporting that translates technical risk into business impact.

• Provide structured updates on SOC 1 status, audit findings, remediation progress, and risk trends.

• Shown expertise leading SOC 1 (Type I and Type II) certification efforts within a financial services organization.

• Good experience crafting and…