Director, Information Security Risk Manager
Berwyn, Pennsylvania, United States
Envestnet
Envestnet is seeking a Director, Information Security Risk Manager to join our Technology department. This is a hybrid role, with in-office work required at our Berwyn, PA office location.
Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients.
Envestnet’s Strategy:
- Deliver the industry-leading wealth management platform, powered by advanced data and insights
- Leverage our scale and efficiencies to serve our clients’ needs comprehensively
- Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment
For more information, please visit www.envestnet.com.
Job Summary:
The Director of Information Security Risk Management will coordinate enterprise-wide risk management, leveraging Cyber Security Towers for cohesive and effective operations. Leading a team of cyber professionals, the Director will collaborate across departments to efficiently resolve audit, risk, or control issues. Utilizing the NIST framework, the Director will ensure compliance with Envestnet’s policies and industry best practices, overseeing and enhancing risk management activities to achieve exemplary audit and assessment reports.
Reporting to the Head of Information Security, the Director will lead the Information Security Risk Management function, bringing a blend of technical acumen and strategic insight. The ideal candidate will effectively communicate with stakeholders and guide team members in alignment with our security culture and business priorities. They will possess a strong background in information security risk management and cybersecurity, with experience in frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, and NIST AI Risk Frameworks.
Job Responsibilities:
- Review, assess, and manage security policies, processes, and standards; refine and enhance the information security program based on NIST and other frameworks; manage the development and maintenance of security policies and standards, including an effective exception process.
- Lead the information security risk management function, conducting risk and control assessments; ensure all risk management activities are documented and organized within the Archer GRC tool; manage the insider threat program; drive risk management activities and process improvements; track and report on risk remediation efforts.
- Oversee the team responsible for third-party and supply chain risk management using Agile, Kanban, or ITIL frameworks.
- Ensure control effectiveness assessments align with NIST-based policies and standards; collaborate with cross-functional teams to assess control effectiveness; ensure timely responses and management of all risk, audit, and policy management activities.
- Communicate identified security risks and their potential impact to stakeholders; provide regular reports, presentations, and updates on risk activities and outcomes to senior management; develop and present detailed reports on risk assessments.
- Review, refresh, and execute the incident response policy, process, and plan; act as incident manager for Cyber Governance in collaboration with the Security Operation Center and other teams.
- Refine and manage the enterprise security awareness program to effectively reduce risks within the employee base.
- Provide metrics and outcome-based performance indicators on risk management activities and assessment results using risk quantification.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Own the tooling and management of the risk management process related to Archer, ensuring continuous improvement for the overall information security risk management function.
- Adhere to and apply Envestnet's legal, compliance, risk, business continuity, and administrative policies within the role and department(s), including timely completion of training and awareness, affirmations, and testing as requested.
- As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.
Required Qualifications:
- 10+ years in cybersecurity roles within IT services at an enterprise scale, focusing on security risk assessments (quantitative and qualitative).
- 7 years in risk management leadership roles leading teams for financial institutions.
- Extensive expertise in both Cloud and On-Premises hosting environments.
- Experience with cloud and AI security best practices and technologies (e.g., AWS, Azure, GCP) within a SAAS provider.
- Direct experience with driving risk management and assessments for enterprise-level program evolution.
- Familiarity with risk management and assessment of cloud services and various cloud models, specifically in the financial sector.
- Experience leading, assessing, and managing risk in SAAS service providers.
- Certifications:
  - One or more industry-recognized cybersecurity certifications (e.g., CISSP, ISSMP, CRISC, CISM, CERT, CISA).
- Skills and Abilities:
  - Comprehensive understanding of security requirements throughout the software development lifecycle and CI/CD process.
  - Excellent communication skills, capable of articulating complex technical concepts to diverse audiences.
  - Strong analytical and problem-solving skills, with attention to detail and accuracy.
  - Ability to manage conflict, solve problems, make decisions, and communicate effectively both orally and in writing.
  - Demonstrated success in driving impactful results and fostering collaboration across globally distributed teams.
  - Proven expertise in managing incident and emergency response processes, ensuring seamless coordination across cross-functional teams.
  - Experience managing large-scale, high-risk projects from concept to delivery.
- Technical Knowledge:
  - Experience developing attack scenarios for risk management and assessment activities.
  - Knowledge of threat contextualization and ingestion into risk management and cyber roadmap processes.
  - Experience implementing and leading security risk remediation programs, including technical implementation and compliance considerations.
  - Familiarity with the convergence of various cyber control frameworks and generating control requirements in the context of risk management.
Envestnet:
- Be a member of an innovative and industry-leading financial technology and solutions company
- Competitive compensation/total reward packages that include:
  - Health Benefits (Health/Dental/Vision)
  - Paid Time Off (PTO) & Volunteer Time Off (VTO)
  - 401K – Company Match
  - Annual Bonus Incentives
  - Parental Stipend
  - Tuition Reimbursement
  - Student Debt Program
  - Charitable Match
  - Wellness Program