Information Security Architect
Back River Search
- San Carlos, CA
Our client's mission is to enable effortless credit based on true risk. Why? Because credit really matters. Money is a fundamental ingredient of life, and unless you’re in the few percent of Americans with significant wealth, the price of borrowing affects you everyday. Through all of history, affordable credit has been central to unlocking mobility and opportunity.
Upstart is the first lending platform to leverage artificial intelligence and machine learning to price credit and automate the borrowing process. Upstart has demonstrated strong credit performance1 and maintains one of the industry’s highest consumer ratings according to leading consumer review sites.
In addition to its direct-to-consumer lending platform, our client provides technology to banks, credit unions and other partners via a “Software-as-a-Service” offering called Powered.
Our client needs Information Security Architect, where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.
Here is more about what you’ll be doing:
- Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
- Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team
- Building out our future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
- Set up a regular vulnerability scanning tools and manage remediation of identified issues
- Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
- Owning security controls relating to application access and data encryption
- Leading vulnerability management and incident management procedures
- Keeping abreast on all compliance/regulatory news and information in fintech to ensure our client is at the forefront of changes in the industry
- Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences
- 5+ years of experience in information security, preferably with experience in enabling security incident and event management
- 3+ years of experience in a leadership role
- Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
- Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
- Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
- Experience setting up and working in security operations
- Ability to define high-level strategy for security/compliance monitoring and risk mitigation
- Strong written and verbal communication skills
Tuesday, March 26, 2019