Sr. Information Security & Risk Analyst

Addepar

  • New York City, NY
  • $113,000-176,000 per year
  • Permanent
  • Full-time
  • 16 days ago
Who We AreAddepar is a global technology and data company that helps investment professionals provide the most informed, precise guidance for their clients. Hundreds of thousands of users have entrusted Addepar to empower smarter investment decisions and better advice over the last decade. With client presence in more than 50 countries, Addepar's platform aggregates portfolio, market and client data for over $8 trillion in assets. Addepar's open platform integrates with more than 100 software, data and services partners to deliver a complete solution for a wide range of firms and use cases. Addepar embraces a global flexible workforce model with offices in New York City, Salt Lake City, Chicago, London, Edinburgh, Pune and Dubai.The RoleWe are currently seeking a Senior Information Security & Risk Analyst to join our Information Security & Risk team as part of the expanding team within our New York, USA location. The successful candidate will have the opportunity to help take Addepar's Information Security and Governance programs to the next level.The Information Security & Risk ('ISR') organization at Addepar is focused on establishing clear, simple and consistent control frameworks, and providing effective oversight of information security and technology activities. This organization plays a critical role in helping to balance risk-taking activities and decisions with opportunities to manage risk.The successful candidate will be skilled in supporting high-impact governance, risk and compliance programs that align to the size and maturity of our business.Addepar takes a market-based approach to pay. A successful candidate's starting pay will be determined based on the role, job-related skills, experience, qualifications, work location, and market conditions. The range displayed on each job posting reflects the minimum and maximum target base salary for roles in Colorado, California, and New York.The current range for this role is $113,000 - $176,000 + bonus + equity + benefits.Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Additionally, these ranges reflect the base salary only, and do not include bonus, equity, or benefitsWhat You'll Do
  • Drive a more optimized Information Security and Risk Program, aligned with industry standard frameworks such as the NIST Cybersecurity Framework.
  • Lead independent risk assessments of our environment focusing on our platform and its supporting third party and internally developed software, infrastructure, and tools.
  • Support build-out of an enterprise metrics program and risk reporting framework to communicate risk to senior management.
  • Partner with control owners, engineers and other teams to facilitate reviews of new products and services, to ensure risks are identified, communicated, and mitigated.
  • Support SOC2 reviews including project management, planning, and coordination across Addepar teams and external auditors.
  • Maintain Addepar Information Security & Risk policies and standards, aligning to business and Client needs.
  • Assist in the management of Addepar's Client Due Diligence Program through the composition and maintenance of security collateral.
  • Drive improvements and execution of risk and governance awareness programs.
  • Work as part of a global operating team across multiple timezones.
Who You Are
  • 5+ years of experience managing, consulting, auditing, or working in the fields of Information security or Technology Risk required. AWS Cloud Security experience preferred.
  • Demonstrate strong analytical, communication, and problem solving skills.
  • Experience identifying and communicating key risks related to cloud implementations and architectures.
  • Ability to manage multiple high-visibility and high-impact projects while maintaining superior results.
  • Familiarity with control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, ISO) and SOC2 audit compliance.
  • Hands-on experience with Amazon Web Services (AWS) or similar cloud platform
  • Basic understanding of core AI concepts and emerging technologies within the AI space.
  • Professional certification: AWS Certified Solutions Architect, AWS Certified Security Specialty, Certified Information Security Auditor (CISA) or Certified Information Systems Security Professional (CISSP) (Optional)
Our Values
  • Act Like an Owner - Think and operate with intention, purpose and care. Own outcomes.
  • Build Together - Collaborate to unlock the best solutions. Deliver lasting value.
  • Champion Our Clients - Exceed client expectations. Our clients' success is our success.
  • Drive Innovation - Be bold and unconstrained in problem solving. Transform the industry.
  • Embrace Learning - Engage our community to broaden our perspective. Bring a growth mindset.
In addition to our core values, Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.PHISHING SCAM WARNING: Addepar is among several companies recently made aware of a phishing scam involving con artists posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote “interviews,” and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from Addepar without a formal interview process. Additionally, Addepar will not ask you to purchase equipment or supplies as part of your onboarding process. If you have any questions, please reach out to .

Addepar