IT Manager, Cybersecurity and Compliance
Company: PEG Companies
Location: Salt Lake City, UT 84118
Description:
Firm Overview:
Founded in 2003, PEG Companies is a vertically integrated owner, operator, and developer of multifamily, hospitality and build-to-rent assets in the U.S. and Canada with a focus on the Mountain West. PEG currently manages approximately $2B of AUM across seven commingled funds and various separate accounts with over 1,100 employees.
Role Overview:
This role is responsible for designing, implementing, and overseeing the firm's IT governance, cybersecurity, and compliance programs. This role ensures that all information systems and practices adhere to regulatory requirements, particularly those applicable to an SEC-registered investment adviser. This role will lead initiatives in threat mitigation, system hardening, incident response, vendor risk management, and internal IT audits, in addition to supporting secure infrastructure and help desk operations.
This is a key leadership role charged with safeguarding sensitive information, managing regulatory risk, and maintaining a resilient and compliant IT ecosystem in alignment with the firm's broader business and operational strategies.
Responsibilities:
Cybersecurity, Risk Management & Regulatory Compliance
- Lead the firm's cybersecurity program, including architecture, risk assessments, threat detection, incident response, and endpoint protection.
- Develop and maintain security governance frameworks aligned with SEC, NIST, CIS, and FINRA guidelines.
- Conduct regular cyber risk reviews, penetration testing, vulnerability scans, and remediation tracking.
- Own the IT audit lifecycle (preparation, execution, and response), including internal audits and third-party reviews related to SEC compliance.
- Implement secure access controls, encryption standards, data loss prevention (DLP), and log management systems.
- Maintain and update cybersecurity and compliance policies, including incident response plans, business continuity, and disaster recovery protocols.
IT Governance & Policy Management
- Define and enforce IT policies and procedures, including data classification, usage standards, and third-party/vendor risk protocols.
- Oversee identity and access management (IAM) frameworks to ensure secure and role-appropriate system access.
- Manage regulatory reporting and IT documentation requirements in collaboration with the Legal, Finance, and Compliance teams.
- Monitor compliance across all systems and integrations with investor-facing and operational platforms.
Secure Systems Infrastructure & Operations
- Ensure the reliability, integrity, and security of all technology infrastructure, including on-prem and cloud-based systems.
- Support secure deployment and maintenance of enterprise applications across management systems.
- Enforce endpoint protection and device hardening standards across all company hardware and mobile devices.
- Oversee help desk operations with an emphasis on secure, compliant support protocols and access provisioning.
Leadership & Cross-Functional Collaboration
- Serve as the primary IT compliance advisor to executive leadership, presenting cybersecurity posture, risk metrics, and incident updates.
- Partner with business leaders to align security practices with operational needs, investor expectations, and regulatory frameworks.
- Lead and mentor IT team members with a focus on compliance training, performance development, and accountability.
Requirements:
Education:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field is required.
- Relevant security and compliance certifications (e.g., CISSP, CISM, CRISC, or CompTIA Security+) strongly preferred.
Experience:
- 8+ years of progressive IT experience, including at least 3 years in a cybersecurity or IT compliance leadership role.
- Proven experience managing IT functions within a regulated environment, ideally within an SEC-registered investment advisor or broker-dealer.
- Strong background in cybersecurity frameworks, GRC (governance, risk, and compliance) tools, and enterprise system management.
- Familiarity with cloud infrastructure security (Azure, AWS), endpoint management, and zero-trust architectures.
- Prior experience supporting a multi-entity or multi-location organization is a plus.
Skills and Competencies:
- Deep understanding of information security principles, risk analysis, and regulatory requirements for financial institutions.
- Expertise in compliance frameworks such as NIST, ISO/IEC 27001, SOC 2, and GLBA.
- Strong analytical, communication, and cross-functional leadership skills.
- Ability to translate complex security requirements into actionable solutions across technical and non-technical teams.
Physical Requirements:
- Must be able to tolerate prolonged periods of sitting and/or standing at desk.
- Must be able to operate a computer, telephone, and/or keyboard and tolerate prolonged periods performing work using a computer, telephone, and/or keyboard.
- Must be able to lift up to 25 pounds occasionally.
- Occasional travel may be required.
Compensation:
- Competitive base salary and discretionary bonus.
- Comprehensive benefits package, including health insurance, retirement plan, and professional development opportunities.