Head of Cybersecurity Governance

Role Overview

The Head of Cybersecurity Governance is a senior leadership role responsible for establishing, operating, and continuously improving the firm's cybersecurity governance program. This role owns cybersecurity awareness and training, the development and lifecycle management of all security policies and standards, and the coordination of cybersecurity regulatory compliance efforts in partnership with Legal, Privacy, Compliance, Risk, IT, and business teams.

This leader will build and manage a high-performing cybersecurity governance team and serve as a key connector between security strategy, regulatory obligations, and business execution. The role reports to the Chief Information Security Officer (CISO) and plays a critical role in enabling a strong, scalable, and compliant cybersecurity posture across the organization.

This role is hybrid with 3 days per week onsite in St. Louis, MO, New York City, NY or Boston, MA

Key Responsibilities

Cybersecurity Governance & Policy Management

• Own the cybersecurity governance framework, ensuring alignment with enterprise risk management, business objectives, and regulatory requirements.
• Lead the creation, maintenance, and periodic review of all cybersecurity policies, standards, procedures, and guidelines.
• Establish and manage a formal policy lifecycle process, including approvals, exceptions, waivers, and annual reviews.
• Ensure policies are practical, enforceable, and clearly mapped to security controls and regulatory obligations.
• Partner closely with Cybersecurity Engineering, Operations, and Risk Management teams to ensure governance is aligned with real-world controls and practices.

Cybersecurity Awareness & Training Program

• Design, implement, and continuously improve the enterprise cybersecurity awareness and training program.
• Own mandatory security training, phishing simulations, role-based training, and executive-level awareness initiatives.
• Measure training effectiveness through metrics, trends, and risk-based outcomes.
• Promote a strong security culture across the organization, balancing education, accountability, and business enablement.

Regulatory & Compliance Program Leadership

• Partner with Legal, Privacy, Compliance, and Risk teams to design and operate a cohesive cybersecurity regulatory compliance program.
• Interpret and operationalize cybersecurity-related laws, regulations, and standards (e.g., NYDFS, GLBA, SEC, GDPR/CCPA, ISO, NIST).
• Maintain regulatory mappings between requirements, policies, controls, and evidence.
• Support regulatory exams, audits, client due diligence, and third-party assessments related to cybersecurity governance.
• Monitor emerging cyber regulations and assess their impact on the organization.

Cross-Functional Partnership & Stakeholder Engagement

• Act as the primary cybersecurity governance partner for IT, Legal, Compliance, Privacy, HR, and business leaders.
• Translate regulatory and policy requirements into actionable guidance for technical and non-technical teams.
• Provide clear, executive-ready reporting on governance posture, compliance status, and key risk themes.
• Support board-level and executive governance forums with clear, concise insights.

Team Leadership & Program Management

• Build, lead, and mentor a cybersecurity governance team, including policy, training, and compliance specialists.
• Define team structure, roles, career paths, and performance expectations.
• Establish scalable processes, tooling, and metrics to support governance operations.
• Drive continuous improvement through automation, standardization, and data-driven decision-making.

Qualifications & Experience

• 10+ years of experience in cybersecurity, governance, risk, or compliance roles, with increasing leadership responsibility.
• Proven experience building and running cybersecurity governance, policy, and awareness programs in a regulated environment.
• Strong understanding of cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, NYDFS, GLBA, SEC).
• Demonstrated ability to partner effectively with Legal, Compliance, Privacy, IT, and business teams.
• Experience leading and developing teams and managing complex, cross-functional initiatives.
• Exceptional written and verbal communication skills, with the ability to influence at senior and executive levels.

#LI-KJ2

This position is an exempt position. The annualized base pay range for this role is expected to be between $200,000-$225,000 base salary compensation range. Actual base pay may vary based on factors including, but not limited to, experience, subject matter expertise, geographic location where work will be performed, and the applicant's skill set. The base pay is just one component of the total compensation package. Other rewards may include an annual cash bonus and a comprehensive benefits package, including but not limited to medical, dental, vision, life insurance, and 401(k). Please note that the job title is subject to change based on the selected candidate's experience and education.

About Focus Financial Partners

Focus is a leading financial services firm comprised of integrated wealth management, family office, and business management services. Blending deep expertise and expansive resources with a boutique, client-first fiduciary philosophy, Focus helps individuals, families, and institutions navigate complex financial situations with highly personalized solutions tailored to their unique needs. To learn more about Focus, visit or follow the company on LinkedIn.

Focus is an equal opportunity employer and bases its employment decisions on the employee or candidate's skillset, and without regard to an employee or candidate's race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, veteran status, or any other characteristic protected by local, state and/or federal law.


Focus complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact View email address on click.appcast.io.

The following language is for US based roles only

For California Applicants: Information on your California privacy rights can be found here

For Indiana Applicants: It is unlawful for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For Maryland Applicants: I UNDERSTAND THAT UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT OR CONTINUED EMPLOYMENT, THAT ANY INDIVIDUAL SUBMIT TO OR TAKE A POLYGRAP OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.


For Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this shall be subject to criminal penalties and civil liability.


For Montana Applicants: If hired, the employment relationship is governed by the Wrongful Discharge from Employment Act. Mont. Code Ann. Section 39-2-901.

For Rhode Island Applicants: Focus is subject to Chapters 29-38 of Title 28 of the General Laws of Rhode Island and is therefore covered by the state's workers' compensation law. If you willfully provide false information about your ability to perform the essential functions of the job, with or without reasonable accommodations, you may be barred from filing a claim under the provisions of the Workers' Compensation Act of the State of Rhode Island if the false information is directly related to the personal injury that is the basis for the new claim for compensation. The Company complies fully with the Americans with Disabilities Act.