Information Security Risk Management Architect
United States
Applications have closed
Attentive
Attentive is the most comprehensive personalized text messaging solution. 99% open rates, 30%+ click-through rates, and 25x+ ROI.
About Attentive: Attentive is a personalized text messaging platform changing the way consumers interact with businesses and organizations. The company is one of the fastest growing startups in New York City and recently raised a $470 million Series E investment led by Coatue in March 2021. Other investors in Attentive include Bain Capital Ventures, Sequoia, and IVP.
We work with 3,500+ of the most innovative brands like Coach, Urban Outfitters, CB2, Pura Vida, Lulus, and Jack in the Box. Attentive was founded in 2016 by the co-founders of TapCommerce, a mobile marketing platform that was acquired by Twitter in 2014.
Role Background:
We are looking for a versatile security and risk management professional who can lead the development of key functions within our security program, including Identity and Access Management (IAM), third party risk management (TPRM), data security, and secure design reviews. This individual will partner with cross-functional stakeholders to influence and advise upon security measures, design, and practices.
Attentive is an Equal Opportunity Employer. We’re committed to diversity and maintaining a work environment that is free from harassment and discrimination. We’re committed to them because our core values demand it - values like Integrity First, Listening & Cultivating Discussion, and Default to Action. We believe in embracing “self” and that our true strength lies in the diversity of our employees. For this reason, applicants from all backgrounds are encouraged to apply, and will not be discriminated against on the basis of any protected status under federal, state, or local law.
IAM Expectations
- Building a timely access revocation process for in-scope systems, including AWS.
- Ensuring accounts for in-scope systems are configured to authenticate users with a unique user account and enforce minimum password requirements.
- Document what employee types should be given what level of access to in-scope systems, and ensure any access provisioned beyond what is defined in this policy is approved in a ticket by the manager/system owner.
- Ensuring access reviews are performed for in-scope systems as necessary.
- Provide guidance for the broader Identity and Access Management (IAM) roadmap, implementing industry standard IAM and IGA concepts including least privilege and separation of duties, password management, permission management, and entitlement management.
- Work across IT, engineering, and our business stakeholders to design and automate the Joiner/Mover/Leaver processes and associated access reviews. Lead the build, design, and testing of workflows including connecting applications.
- Document and maintain IAM processes across the organization.
Third Party Risk Management Expectations
- Empowers application owners to understand and manage risks relevant to their applications.
- Emphasizes the implementation of controls that allow the business to use the latest technology in a secure way rather than a “red-light/green-light” approval process.
- Does not unnecessarily slow down the procurement process or create an undue burden on information security, IT, or application owners.
Security Generalist Expectations
- Assist in the closure of other SOC 2 gaps, including updating our enterprise risk management and security awareness training programs.
- Plays an advisory role to provide guidance and expertise to business and partner teams on secure design and best practices (i.e. implementations).
- Works with the Information Security team to develop and implement an information security program that aligns standards, frameworks, and security with overall business and technology strategy.
Requirements
- Experience designing enterprise IAM programs
- Experience designing enterprise risk management programs
- Experience with security compliance frameworks, preferably including SOC 2 and SOX
- Experience leading cross-functional teams
- Experience implementing IAM best practices in an AWS or another IaaS environment
Benefits & Perks
- Robust health benefits packages including access to a 401k and various medical, dental and vision plans, and $100/month fitness reimbursement
- Full support for remote work
- Daily lunch delivery credit and other goodies sent to home
- Regular company-wide social events (even virtually!)
- Generous annual education stipend toward job-related external learning opportunities
- An extremely enthusiastic team that appreciates collaboration
Tags: AWS Compliance IaaS IAM Risk management SOC 2 Strategy
Perks/benefits: Career development Fitness / gym Health care Home office stipend Lunch / meals Team events
Region:
North America
Country:
United States