Yodlee

Information Security Risk Management Director

Yodlee, Raleigh, North Carolina, United States, 27601


Envestnet is seeking an Information Security Risk Management Director to join our Finance department. This is a hybrid role, with in-office work required at either our Berwyn, PA or Raleigh, NC office.

Before applying for this role, please read the following information about this opportunity.

Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients.

Envestnet’s Strategy:

Deliver the industry-leading wealth management platform, powered by advanced data and insights

Leverage our scale and efficiencies to serve our clients’ needs comprehensively

Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment

For more information, please visit www.envestnet.com.

Job Summary:

Reporting into the Head of Information Security, the Information Security Risk Management Director will lead the Information Security Risk Management function. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in information security risk management and cybersecurity, with working knowledge and experience in risk management frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, NIST AI Risk Frameworks. The candidate will have an evolved understanding of the regulatory landscape for Information Security and Data Protection for the financial sector. Envestnet is looking for a strong transformational risk expert who can work closely with cross-functional security, operations, and engineering teams supporting leadership to ensure a robust, comprehensive security risk management program is in place. This includes top-down and bottom-up assessments, communicating identified risks effectively, and ensuring timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.

Job Responsibilities:

Owns the information security risk management function to conduct security risk and control assessments to identify potential risks from threats and vulnerabilities within the organization's information assets, infrastructure and applications.

Responsible for assuring that all risk management activities are properly performed, documented, communicated professionally and clearly, and that all documentation is organized efficiently and effectively within the Archer GRC tool.

Ensure that control effectiveness assessments are aligned with our NIST-based policies and standards by collaborating with cross-functional teams to understand technical implementations and assess control effectiveness

Partner and work closely with peers to develop an approach to an expanded insider threat program and provide related structure and management practices for the Envestnet enterprise.

Responsible for refining and documenting the process used by the Risk Management team and managing the adherence to it; develops new processes or modifies existing processes in alignment with NIST CSF 2.0 and other relevant risk models as needed.

Drive information security risk orchestration activities and process improvements to ensure proper full coverage across products and services

Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences, using a NIST-based framework for quantified and qualitative models.

Develop and facilitate threat-driven cyber scenarios and architectural visuals to support the assessment process to feed into the risk assessment pipeline and subsequent roadmaps for remediation.

Provide metrics and outcome-based performance indicators on risk management activities and assessment results using risk quantification as needed.

Develop and implement strategies for information security risk management, ensuring alignment with threat-driven, risk-based technical, compliance and business requirements, while providing risk-informed guidance.

Development and maintenance of aggregated risk metrics for the cyber security program.

Providing regular reports, presentations and updates to the head of information security to deliver to senior management on risk activities and outcomes.

Responsible for ensuring timely responses, coordination and management of all risk management.

Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.

Own the tooling and management of risk management process related to Archer

Drive enhancement of the security risk management program, including developing and maintaining policies, standards, guidelines, procedures, and frameworks.

Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.

Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures for technical and non-technical stakeholders, including senior management.

Familiar with using and implementing GRC tools for audits and evidence management such as Archer

Support the evolution of the information security risk management function including the use of and adoption of AI.

Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.

As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk

Required Qualifications:

10+ years of experience in security risk assessment, with a focus on quantitative and qualitative IS risk analysis, or equivalent and relevant security experience.

One or more industry-recognized and relevant cybersecurity certifications such as CISSP, ISSMP, CRISC, CISM, CERT, CISA, etc.

Strong understanding of relevant frameworks, standards and methods related to information security risk management, cybersecurity principles, and concepts

Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP) within a SAAS provider

7 years in a technical risk management function for a financial institution

Strong project management skills with the ability to prioritize tasks and manage multiple projects and workstreams simultaneously.

Understand and apply the architecture, security controls, and deployment models of advanced risk management and assessment methodologies, compliance frameworks (such as NIST, FAIR, CACI, GDPR, SOC2, and PCI DSS).

Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences

Experience developing attack scenarios to assist with risk management and assessment activities.

Knowledge of and experience with using threat contextualization and ingestion into the risk management and cyber roadmap processes

Experience with security risk remediation programs, including technical implementation and compliance considerations

Direct experience with driving risk management and assessments for enterprise level program evolution and cloud service models in the financial sector

Experience leading, assessing and managing risk in a SAAS service provider.

Familiarity with the convergence of various cyber control frameworks and the generation of control requirements in the context of risk management.

Strong analytical and problem-solving skills, with attention to detail and accuracy.

Envestnet:

Be a member of an innovative and industry leading financial technology and solutions company

Competitive Compensation/Total Reward Packages that include: Health Benefits (Health/Dental/Vision)

Paid Time Off (PTO) & Volunteer Time Off (VTO)

401K – Company Match

Annual Bonus Incentives

Parental Stipend

Tuition Reimbursement

Student Debt Program

Charitable Match

Wellness Program
