Associate Director, Information Security Risk

EQT is looking for an Associate Director, Information Security Risk to serve as the firm's subject matter expert on information security risk — translating complex cybersecurity and technology risk into clear governance frameworks and actionable business outcomes. This is a senior individual contributor role sitting within the CISO function, reporting directly to the CISO, and operating across a global, regulated financial services environment.

About the Team

Risk, Regulatory, Compliance & Security (RRCS) is a global function within EQT Central Functions, spanning Europe, Asia Pacific and North America. The team works independently while partnering closely with the business and Technology functions to navigate a complex and continuously evolving regulatory and threat landscape. RRCS is a high-standards, commercially minded function where clarity of thought and quality of output genuinely matter.

About the Role

As Associate Director, Information Security Risk, you will shape and steward EQT's information security risk and control governance capability, acting as the critical bridge between RRCS, Technology, and the wider business. You will bring both depth and breadth — credible enough to challenge Technology teams on architecture and controls, and articulate enough to brief senior leadership and board-level audiences with precision.

• Develop and continuously improve EQT's information security risk and control framework, ensuring it remains fit for purpose as the threat landscape and regulatory environment evolve.
• Maintain a robust risk register; identify, assess and track security risks across the firm and escalate material issues to the CISO and relevant governance forums.
• Design and implement pragmatic, proportionate security controls that balance risk reduction with business agility.
• Draft, maintain and enforce information security policies, standards and procedures aligned to regulatory requirements and industry best practice.
• Lead implementation of applicable regulatory frameworks across EQT's global footprint (including DORA, NIS2, ISO 27001 and NIST) and monitor the horizon for emerging obligations.
• Oversee the information security component of third-party vendor risk reviews, including critical outsourcing assessments; define vendor security requirements and track remediation of identified gaps.
• Play a central role in EQT's cyber incident response capability — coordinating response activities, ensuring governance obligations are met, and leading post-incident reviews.
• Produce high-quality, board-ready reporting, risk appetite dashboards and briefing materials for senior management and governance committees.

About You

You are a seasoned information security risk professional with a commercial mindset and a talent for making complex risk topics accessible to senior audiences. You build trust across functions naturally, hold your ground on risk positions constructively, and bring genuine intellectual rigour to governance and control design.

What you'll bring (must-have):

• Around 10 years of experience in information security risk, cybersecurity governance, or technology risk within asset management, private equity, banking or financial services.
• Proven track record building and operating security risk and control frameworks in a regulated financial services environment.
• Hands-on experience implementing regulatory frameworks such as DORA, NIS2, ISO 27001 or NIST, with solid understanding of cross-border regulatory dynamics.
• Demonstrated experience leading third-party vendor risk assessments, including outsourcing and critical supplier reviews.
• Solid background in incident response, from operational coordination through to governance reporting and lessons learned.
• Deep working knowledge of cybersecurity technologies, architectures and solutions, sufficient to advise and credibly challenge Technology teams.
• Strong communication skills with the ability to distil complex technical and risk topics into concise, impactful materials for senior and board-level audiences.

Nice to have:

• Relevant professional qualifications such as CISM, CRISC or CISSP.
• Experience working within an international team or matrix organisation.
• Familiarity with digital tools and workflow automation that enhance team efficiency and risk reporting.
• Exposure to data governance obligations and their intersection with information security risk.
• Prior experience contributing to board or senior governance committee reporting in a financial services context.

What We Offer

At EQT, you will join a global firm that operates at the intersection of technology, finance and impact. You will have direct access to senior leadership, meaningful scope to shape how information security risk is governed at a complex, internationally active firm, and the opportunity to work alongside colleagues who hold themselves and each other to a high standard. EQT supports continuous professional development and values diverse perspectives as a driver of better outcomes.

Compensation & Benefits Notice

We offer a competitive total rewards package including base salary, determined based on the role, experience, skill set, and location. Eligible employees may also receive discretionary incentive compensation, awarded in recognition of individual performance and company results. EQT provides a comprehensive benefits offering designed to support employee wellbeing, development, and work-life balance. Benefits include paid time off, parental leave, wellbeing and wellness support, flexible working arrangements, and learning and development opportunities. Benefits are effective from the first day of employment and may vary by location and role.

Inclusion at EQT

Our vision for EQT employees is to build high performing & engaged teams. Our competitive edge comes from fostering an environment where every individual feels valued, empowered, and motivated to drive business impact. Our commitment to inclusion is not just about fairness; We understand and believe that being a great place to work drives the best performance.At EQT, inclusion is a business imperative and it's embedded into our talent strategy, decision-making, and culture to ensure that every individual and team operates at their full potential. By doing so, we unlock better collaboration, stronger innovation, and superior investment outcomes.

About EQT

EQT is a purpose-driven global investment organization focused on active ownership strategies. With a Nordic heritage and a global mindset, EQT has a track record of over three decades of developing companies across multiple geographies, sectors and strategies. EQT has investment strategies covering all phases of a business’ development, from start-up to maturity. EQT has EUR ‌​​270 billion in total assets under management (EUR ‌​​‌141 billion in fee-generating assets under management), within two business segments – Private Capital and Real Assets.

With its roots in the Wallenberg family’s entrepreneurial mindset and philosophy of long-term ownership, EQT is guided by a set of strong values and a distinct corporate culture. EQT manages and advises funds and vehicles that invest across the world with the mission to future-proof companies, generate attractive returns and make a positive impact with everything EQT does. EQT has offices in more than 25 countries across Europe, Asia and the Americas and has more than 1,900 employees.

More info: www.eqtgroup.com
Follow EQT on LinkedIn, X, YouTube and Instagram