Chief Information Security Officer

The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO’s culture is built around meaningful work and meaningful relationships and the family’s commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi.

The Chief Information Security Officer is a senior executive responsible for designing, implementing, and operating enterprise-wide information security, cybersecurity, AI governance and resilience programs commensurate with a highly complex, global family office and investment functions. This role has materially expanded beyond traditional family office CISO due to operational complexity of securing an internal trade execution pipeline, increasing reliance on cloud-native platforms, CI/CD-driven engineering workflows, and AI-enabled systems.  This position reports to the Chief Risk and Security Officer and will serve as a strategic partner to senior leadership across Investment, Trading, Technology, Compliance, Legal, and Operations, ensuring that information & cyber security enable the business while protecting sensitive financial, personal, and intellectual assets. The role requires deep financial-sector expertise, hands-on understanding of modern software delivery (SDLC/CI-CD), and strong leadership in AI governance, risk management, business continuity and security. 

• →Enterprise & Financial Security Leadership
  • →Own the enterprise information security & cybersecurity strategy across Dalio Family Office entities, including offices and personnel operating in the US, Singapore and Abu Dhabi. 
  • →Design and operate information security controls aligned with financial-sector expectations for confidentiality, integrity, availability, and market integrity. 
  • →Provide oversight and assurance for systems supporting trading, portfolio management, research, treasury, and middle/back-office functions. 
  • →Advise senior leadership and principals on cybersecurity, operational risk, monitoring and systemic risk exposures relevant to investment activities. 
• →Trade Execution Pipeline Security
  • →Lead security architecture and control design for the DFO trade execution pipeline, including integration with OMS, prime brokerage, custodians, and middle/back-office platforms. 
  • →Ensure appropriate preventative, detective, monitoring and responsive controls across the full trade lifecycle and proactively working with the Insider Risk & Investigations team. 
  • →Partner closely with Trading, Investment Engineering, Finance, Data Protection Officer and Compliance to align security with regulatory, audit, and operational requirements. 
  • →Establish controls for privileged access, segregation of duties, data lineage, logging, monitoring, and incident response in trading workflows. 
• →SDLC, CI/CD & Engineering Security
  • →Own application security and DevSecOps strategy across cloud and on-prem environments. 
  • →Embed security & AI controls into SDLC and CI/CD pipelines, including code scanning, dependency management, secrets management, environment isolation, and release governance. 
  • →Partner with Engineering leaders to balance delivery velocity with robust security outcomes. 
  • →Oversee vulnerability management, penetration testing, and remediation programs aligned to business risk. 
• →AI Governance, Risk & Security
  • →Establish and lead AI governance frameworks covering internal and third-party AI systems. 
  • →Assess and manage AI-related risks including data leakage, model misuse, IP exposure, bias, explainability, and regulatory compliance. 
  • →Approve AI use cases involving sensitive data, financial information, or decision-making processes. 
  • →Partner with Legal, Compliance, and Risk to ensure AI controls are defensible, auditable, and aligned with emerging regulations and industry standards. 
• →Cyber, Insider & Third-Party Risk Management
  • →Own enterprise cyber risk management and third-party risk due diligence & oversight in close coordination with the procurement team. 
  • →Manage and govern all critical security vendors, including MDR, MSSPs, and other managed security providers. 
  • →Ensure continuous security monitoring and incident response coverage across all Dalio Family Office entities and global locations, including the U.S., Singapore, and Abu Dhabi. 
  • →Approve risk acceptances, compensating controls, and exceptions through documented, defensible processes. 
  • →Oversee security operations, monitoring, detection, and incident response across global environments. 
  • →Act as incident commander for significant cyber domain events, including escalation to senior leadership. 
• →Governance, Audit & Regulatory Readiness
  • →Ensure security program alignment with financial industry best practices (ISO 27001, NIST, SOC 2, hedge fund / family office expectations). 
  • →Support internal and external audits, examinations, and due diligence requests. 
  • →Develop and maintain security policies, standards, playbooks, and executive reporting. 
  • →Provide clear, concise, and decision-grade reporting to senior leaders and trustees. 
• →Leadership & Organizational Development
  • →Build, lead, and mentor a high-performing global information & cybersecurity security team. 
  • →Foster a culture of risk awareness, accountability, and security-by-design across the organization. 
• →Additional duties as assigned 

• Prior experience in family office, hedge fund, or highly confidential investment environments. 
• Hands-on experience with cloud platforms (Azure, AWS, GCP) and security tooling. 
• Experience supporting global operations across the U.S., Middle East, Europe, and Asia. 
• Demonstrated success scaling information and cybersecurity security programs in fast-moving, high-trust organizations. 

• No less than 15 years of progressive experience in cybersecurity, information security, or technology risk as well as ISO 27001 and SOC2. 
• At least 5 years operating as a senior security leader within the financial sector or relevant adjacent sector (e.g., hedge funds, private investment firms, banks, fintech, or asset managers). 
• Demonstrated recent experience securing trade execution, market-facing systems, or highly sensitive financial platforms. 
• Deep understanding of SDLC, CI/CD pipelines, cloud-native architectures, and modern engineering practices. 
• Proven experience designing and operating AI governance, risk, and security programs. 
• Strong executive communication skills with experience advising principals, boards, or senior leadership.  
• Bachelor’s degree in information security, Computer Science, Engineering, or related field required. 
• Ability to travel domestically and internationally approximately 10% of the year.
• Preferred Qualifications:
  • Advanced degree (MBA, MS) or relevant certifications (CISSP, CISM, CCSP, ISO 27001 Lead Implementer)