Information Security Director

The Security and Technology Risk organization at Addepar is focused on establishing clear, simple and consistent control frameworks, and providing effective oversight of information security and technology activities. This organization plays a critical role in helping to balance risk-taking activities and decisions with opportunities to manage risk. 

The successful candidate will be skilled in delivering high-impact governance, risk and compliance programs that scale based on the size and maturity of the business. This position reports to Addepar’s CISO and VP Technology Risk. 

As a senior member of the team, you will play a critical role in leveling-up Addepar’s Security and Risk Program. You will bring your expertise to shape and build-out our program strategy and execute key, strategic programs that mitigate risk in a sustainable way. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your role commensurate with the priorities of the organization and the company.  The high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can have an immediate impact. 

Responsibilities

• Drive a more mature and optimized Security and Risk Program through control standardization, rationalization, and reporting, aligned with industry standard frameworks such as the NIST Cybersecurity Framework.
• Lead independent risk assessments of our environment focusing on our platform and its supporting software, infrastructure, tools, and governance.
• Identify and lead strategic programs to mitigate thematic risks, including consultation with risk owners on the design and implementation or adjustment of mitigating controls.
• Build a standard metrics program and risk reporting framework, to communicate risk to business owners, senior management, and other stakeholders.
• Build and maintain relationships with senior leaders and control owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders.
• Demonstrate strong analytical, problem-solving, and decision-making skills.
• Define, structure and plan work independently.

Requirements

• 10+ years of experience managing, consulting, auditing, or working in the fields of Information security or Technology Risk.
• 5+ years of experience with Information Security at the policy or implementation level
• 5+ of experience working and communicating with senior leadership and customers
• Professional certification: AWS Certified Solutions Architect, AWS Certified Security Specialty, Certified Information Security Auditor (CISA) or Certified Information Systems Security Professional (CISSP) 
• Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence where necessary to ensure objectives are met.
• Experience identifying and communicating key risks related to cloud implementations and architectures
• Passion and expertise in cybersecurity and technology risk, with a demonstrated risk-based approach to problem solving.
• Ability to manage multiple high-visibility and high-impact projects while maintaining superior results.
• Familiarity with controls and control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, or ISO.)
• Prior experience working in financial services or other highly-regulated sectors.
• Prior experience working in consulting, technology or similarly fast-paced dynamic environments.

Addepar is a wealth management platform that specializes in data aggregation, analytics and reporting for even the most complex investment portfolios. Founded in 2009 by Joe Lonsdale, who currently serves as an active Chairman of its Board of Directors and General Partner at 8VC, the company's platform aggregates portfolio, market and client data all in one place. It provides asset owners and advisors a clearer financial picture at every level, allowing them to make more informed and timely investment decisions. Addepar works with hundreds of leading financial advisors, family offices and large financial institutions that manage data for over $2 trillion of assets on the company's platform. In 2020, Addepar was named as a Forbes Fintech 50 company and honored as a member of the CB Insights Fintech 250. Addepar is headquartered in Silicon Valley and has offices in New York City and Salt Lake City. All brokerage services offered through Acervus Securities Inc., member FINRA / SIPC.

Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds, and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility.

In order to ensure the health and safety of all Addepeeps and our prospective candidates, we have instituted a virtual interview and onboarding experience.