MTradecraft provides cybersecurity compliance consulting and Remote CISO services to SEC-registered investment advisers, hedge funds, and broker-dealers. We translate the technical reality of your environment into the documentation your regulators, your cyber insurance carrier, and your institutional investors expect to see.
Most firms come to us for one of two reasons — an upcoming SEC examination, or a request from their cyber insurance carrier, a custodian, or an institutional DDQ they cannot answer with what they currently have on file. Both engagements are built to close that gap and keep it closed.
A full cybersecurity compliance program operated on an annual cadence: quarterly attack surface assessments, documented policy and procedure updates, vendor oversight, and exam-ready evidence retention. Built for firms that have a CCO and an outsourced IT provider but no internal cybersecurity function.
Everything in the Cyber Compliance Consultant program, plus a named Chief Information Security Officer for your firm. Used by firms whose insurance carriers, prime brokers, or institutional investors require a named CISO on the cybersecurity governance chart.
The actual pressure on a firm's cybersecurity program comes from five places, and they are the five things our engagements are designed to answer:
Renewal applications now run 40 to 80 questions on access controls, MFA coverage, backup posture, incident response procedures, and named security leadership. The answers determine whether a firm gets coverage, what it pays, and what is excluded.
Every major custodian runs an annual cybersecurity attestation. Prime brokers and fund administrators ask the same questions in a different format. None of them accept "we use a good MSP" as an answer.
Pension consultants, endowment investment offices, and fund-of-funds now ask about CISO designation, third-party penetration testing, and tabletop exercise cadence in their standard due diligence questionnaires. A weak answer here costs allocations.
Examiners ask for the firm's cybersecurity policies, the most recent annual review under Rule 206(4)-7, and the evidence file showing the policies were actually implemented and tested. Firms without documentation written by a knowledgeable party fail this test.
The firm's clients assume the firm they hired is operating like Fort Knox. When a client picks up the phone and asks how their data is protected, what the firm did when a breach was reported in the news, or what happens to their account if the firm's email is compromised — the answer has to be specific, accurate, and unrehearsed. Vague reassurances cost trust on the first call and assets under management on the second. A documented program is the only way to answer those questions consistently across every person at the firm who might take them.
Not every firm is ready for a full engagement. The BrainTrust gives CCOs and IT managers access to MTradecraft's cybersecurity policy library, incident response templates, vendor due diligence questionnaire, annual review template, and the AI compliance framework — the same materials we use in our consulting engagements.
Free tier includes the Securing Compliance report and starter templates. Premium tier at $2,500 a year unlocks the full library, FieldCraft Security Awareness Training for up to 50 users, and email support from MTradecraft on cybersecurity compliance questions.
Most calls start with a specific trigger — an upcoming examination, an insurance renewal, a DDQ response, or a custodian attestation. Tell us what's driving the timing and we'll tell you honestly whether we can help.