Information Security Risk Management Architect

About Attentive: Attentive is a personalized text messaging platform changing the way consumers interact with businesses and organizations. The company is one of the fastest growing startups in New York City and recently raised a $470 million Series E investment led by Coatue in March 2021. Other investors in Attentive include Bain Capital Ventures, Sequoia, IVP.  
We work with 3,500+ of the most innovative brands like Coach, Urban Outfitters, CB2, Pura Vida, Lulus, and Jack in the Box. Attentive was founded in 2016 by the co-founders of TapCommerce, a mobile marketing platform that was acquired by Twitter in 2014.
Role Background:
We are looking for a versatile security and risk management professional who can lead the development of key functions within our security program, including Identity and Access Management (IAM), third party risk management (TPRM), data security, and secure design reviews. This individual will partner with cross-functional stakeholders to influence and advise upon security measures, design, and practices.

IAM Expectations

• Building a timely access revocation process for in-scope systems, including AWS.
• Ensuring accounts for in-scope systems are configured to authenticate users with a unique user account and enforce minimum password requirements.
• Document what employee types should be given what level of access to in-scope systems, and ensure any access provisioned beyond what is defined in this policy is approved in a ticket by the manager/system owner.
• Ensuring access reviews are performed for in-scope systems as necessary.
• Provide guidance for the broader Identity and Access Management (IAM) roadmap, implementing industry standard IAM and IGA concepts including least privilege and separation of duties, password management, permission management, and entitlement management.
• Work across IT, engineering, and our business stakeholders to design and automate the Joiner/Mover/Leaver processes and associated access reviews. Lead the build, design, and testing of workflows including connecting applications.
• Document and maintain IAM processes across the organization.

Third Party Risk Management Expectations

• Empowers application owners to understand and manage risks relevant to their applications.
• Emphasizes the implementation of controls that allow the business to use the latest technology in a secure way rather than a “red-light/green-light” approval process.
• Does not unnecessarily slow down the procurement process or create an undue burden on information security, IT, or application owners.

Security Generalist Expectations

• Assist in the closure of other SOC 2 gaps, including updating our enterprise risk management and security awareness training programs.
• Plays an advisory role to provide guidance and expertise to business and partner teams on secure design and best practices (i.e. implementations).
• Works with the Information Security team to develop and implement an information security program that aligns standards, frameworks, and security with overall business and technology strategy.

Requirements

• Experience designing enterprise IAM programs
• Experience designing enterprise risk management programs
• Experience with security compliance frameworks, preferably including SOC 2 and SOX
• Experience leading cross-functional teams
• Experience implementing IAM best practices in a AWS or another IaaS environment

Benefits & Perks

• Robust health benefits packages including access to a 401k and various medical, dental and vision plans, and $100/month fitness reimbursement
• Full support for remote work
• Daily lunch delivery credit and other goodies sent to home
• Regular company-wide social events (even virtually!)
• Generous annual education stipend toward job-related external learning opportunities
• An extremely enthusiastic team that appreciates collaboration

#EF1
Attentive is an Equal Opportunity Employer. We’re committed to diversity and maintaining a work environment that is free from harassment and discrimination. We’re committed to them because our core values demand it - values like Integrity First, Listening & Cultivating Discussion, and Default to Action. We believe in embracing “self” and that our true strength lies in the diversity of our employees. For this reason, applicants from all backgrounds are encouraged to apply, and will not be discriminated against on the basis of any protected status under federal, state, or local law.