Information Security Manager
almost 2 years ago
Full time role
United States
United States
Job Description
Aspiration is in the business of fighting the climate crisis. We help people and businesses build sustainable impact into what they do every day by making it easy, automated, and powerful -- whether it is in the ways people spend and save their money or the ways businesses engage their customers and employees. The estimated cumulative climate impact of the Aspiration community thus far is the equivalent of taking every car in the state of Wyoming off the road for a year. Aspiration is a certified B Corporation and, in fact, has been named to the “Best for the World” list of the top five percent of highest scored certified B Corporations four years in a row. Aspiration has raised over $550M in funding to date and is growing quickly.
The Information Security Manager is responsible for leading the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes the following: enforce policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. The incumbent is responsible for creating and enhancing dashboards, managing staff that are reviewing and maintaining the configuration of security systems and tools, reviewing reports and log output from security systems to ensure normal operations and detection of anomalous behavior. Ensuring compliance standards are maintained and processes security reviews as required.
What You'll Do:Manage a team that administer security solutions within an AWS environmentReview output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behaviorWork with vendors and third parties to understand their processes, technology and/or applications to appropriate security controls are in place to protect Aspiration and its dataConduct security reviews against new processes, technology, and applicationsSafeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levelsIdentify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Ensure security awareness program to mature corporate security knowledge.Exercise appropriate discretion and confidentiality when addressing security incidents.Assist in internal, external audit and compliance audit requests. Ensures Aspiration data is securely protected from internal and external, intentional, and unintentional access, alteration, and deletion.Optimize and streamline the current information security toolsets and processesDocument and update information security policies, procedures, and processes
What You'll Bring:Bachelor's degree in computer science, information security, philosophy/logic, engineering, or related technology field. Master’s degree in technology a plus.Minimum of 6 years of relevant experience in leading security teams, senior advisor, manager, and/or senior consultant.Previous fintech experience, banking, credit union, investment firm, or mortgage industry knowledge is a plus.Knowledge and understanding of a “cloud-first” architecture Knowledge of regulatory requirements (e.g., FFIEC, NIST, NY DFS) and policies pertaining to information security.Excellent presentation, communication, and analytical skills to solve asymmetric problems.Well organized and be able to communicate effectively with a global team. Experience managing staff members, contractors, and consultants during project work.Ability to lead, learn, mentor, and apply new skills and strategies.Excellent ability to observe and interpret people, project progression, and situations.Knowledge and experience with the following modern security tools: SIEM, SSO, IDM, IAM, MDM, DLP, CASB, NGAV, Vulnerability Scanning, etc.Previous exposure with a development and/or DevOps environmentExperience designing, documenting, developing, and maturing security solutionsExperience working with REST APIs and Web calls for data.Security certifications a plus (e.g., AWS, CRISC, CISSP, CISM)
What You'll GetWork for a mission-driven company to transform the lives of millions by building a better, values-oriented financial firmOpportunity to be part of and to contribute to ESG, as a steward of social and environmental changeInclusion in Diversity, Equity, and Inclusion employee activities and eventsDiverse & Inclusive work environment and company focus
Aspiration is proud to be an ESG company. We are an equal opportunity workplace and an affirmative action employer. Diversity at Aspiration is not just compliance-driven. Diversity is our compass to drive equitable practices; to celebrate individuality; and to foster the uniqueness within each of us that makes our products, services, and culture better than most. Yes, we are proud to be a DEI company and we encourage everyone, inside and outside of Aspiration, to show up as you are and as you want to be, every day.
This organization participates in E-Verify. Find more information here!
#BI-Remote #LI-Remote
The Information Security Manager is responsible for leading the implementation and maintenance of the corporate information security program to ensure the confidentiality, integrity, and availability of Aspiration data assets. The program includes the following: enforce policies, standards, guidelines, and controls to manage and prevent risk to Aspiration. The incumbent is responsible for creating and enhancing dashboards, managing staff that are reviewing and maintaining the configuration of security systems and tools, reviewing reports and log output from security systems to ensure normal operations and detection of anomalous behavior. Ensuring compliance standards are maintained and processes security reviews as required.
What You'll Do:Manage a team that administer security solutions within an AWS environmentReview output from security systems and tools (reports and log data) to ensure normal operations and detection of anomalous behaviorWork with vendors and third parties to understand their processes, technology and/or applications to appropriate security controls are in place to protect Aspiration and its dataConduct security reviews against new processes, technology, and applicationsSafeguard sensitive information by working with business units and vendors/third parties to determine and enforce appropriate access levelsIdentify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection. Ensure security awareness program to mature corporate security knowledge.Exercise appropriate discretion and confidentiality when addressing security incidents.Assist in internal, external audit and compliance audit requests. Ensures Aspiration data is securely protected from internal and external, intentional, and unintentional access, alteration, and deletion.Optimize and streamline the current information security toolsets and processesDocument and update information security policies, procedures, and processes
What You'll Bring:Bachelor's degree in computer science, information security, philosophy/logic, engineering, or related technology field. Master’s degree in technology a plus.Minimum of 6 years of relevant experience in leading security teams, senior advisor, manager, and/or senior consultant.Previous fintech experience, banking, credit union, investment firm, or mortgage industry knowledge is a plus.Knowledge and understanding of a “cloud-first” architecture Knowledge of regulatory requirements (e.g., FFIEC, NIST, NY DFS) and policies pertaining to information security.Excellent presentation, communication, and analytical skills to solve asymmetric problems.Well organized and be able to communicate effectively with a global team. Experience managing staff members, contractors, and consultants during project work.Ability to lead, learn, mentor, and apply new skills and strategies.Excellent ability to observe and interpret people, project progression, and situations.Knowledge and experience with the following modern security tools: SIEM, SSO, IDM, IAM, MDM, DLP, CASB, NGAV, Vulnerability Scanning, etc.Previous exposure with a development and/or DevOps environmentExperience designing, documenting, developing, and maturing security solutionsExperience working with REST APIs and Web calls for data.Security certifications a plus (e.g., AWS, CRISC, CISSP, CISM)
What You'll GetWork for a mission-driven company to transform the lives of millions by building a better, values-oriented financial firmOpportunity to be part of and to contribute to ESG, as a steward of social and environmental changeInclusion in Diversity, Equity, and Inclusion employee activities and eventsDiverse & Inclusive work environment and company focus
Aspiration is proud to be an ESG company. We are an equal opportunity workplace and an affirmative action employer. Diversity at Aspiration is not just compliance-driven. Diversity is our compass to drive equitable practices; to celebrate individuality; and to foster the uniqueness within each of us that makes our products, services, and culture better than most. Yes, we are proud to be a DEI company and we encourage everyone, inside and outside of Aspiration, to show up as you are and as you want to be, every day.
This organization participates in E-Verify. Find more information here!
#BI-Remote #LI-Remote
Similar jobs
Mobilizing talent for a climate positive world