Lead - Information Security

Trivandrum, Kerala, India

Full Time Senior-level / Expert USD 28K - 67K *

Envestnet

Explore our connected ecosystem of solutions, intelligence, and technologies that connect people’s daily lives with their long-term goals. See how we’re equipping advisors with the tools and resources needed to deliver the most impactful...

View all jobs at Envestnet

Apply now Apply later

Posted 2 weeks ago

Roles and Responsibilities

Serve as the primary point of contact for client security-related issues, escalating and resolving technical client escalation issues.
They act as the Client Assurance Subject Matter Expert (CA SME) in collaboration with the Service Management (SM) team.
Engage in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.
Assist with client management aspects, including questionnaires, timely response to client queries, and concerns.
Handle technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.
Provide technical support during the entire audit process, including following up on audit findings for remediation.
Proactively collect, document, and store evidence needed for client audits.
Engage SMEs from different business units through quarterly meetings.
Communicate client security control requirements to the SM team through regular training sessions.
Proactively engage SMEs to update the evidence library with new information.
Review FAQs for all business units annually and update with the latest information.
Develop and maintain customer-facing Security overview presentations.
Manage new vulnerabilities from external sources, internal penetration tests, or client notifications.
Identify the impact of vulnerabilities and generate initial communications for clients.
Attend real-time vulnerability calls for urgent issues and follow up on remediation progress.
Update and respond to technical issues raised by the RFP team.
Organize SharePoint folders for easy access to information and evidence.
Manage Jira updates and maintain accuracy in the CA confluence space.
Review and update the Client Assurance Standard Operating Procedure after consulting with the team.
Coordinate SME support for client audits in collaboration with the CA Service Management team.
Train teams on security controls and processes monthly, storing sessions in an easily accessible location.
Educate the Service Management team on updates and new developments in the security space.
Coordinate training opportunities from SMEs for the team to learn different security controls.
Orchestrate the annual review with Compliance of company-wide Security information presentations.
Support client-facing teams in sales meetings and client communications requiring security specialist support.
Operate with urgency for fast turnaround in competitive situations.
Engage in SOC operations threat tracking.
Participate in incident management, change control meetings, and cloud migration initiatives.

Requirements

Ability to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.
Bachelor’s degree in computer science, Engineering, Information Systems, Business, or other Information security disciplines OR 7+ years of relevant professional experience in Information Security or IT Risk Management.
Desired: relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.
Understanding of legal and regulatory compliance standards and requirements against data and IT, including, CIS, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.
Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; Excellent interpersonal, verbal, and written communication, including good presentation skills.
Can multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.
Can drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn’t require continuous monitoring.
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Ability to understand technology, management, and leadership issues related to organization processes and problem-solving.
Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
Knowledge of information security program management and project management principles and techniques.
Knowledge of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.