Information Security Risk Manager

IEX is currently looking to hire an Information Security Risk Manager. In this role, you will be responsible for managing the information security risk program, including vulnerability detection and remediation, vendor risk, corporate threat-risk analyses, and enterprise risk. Strong analytical and problem-solving skills and meticulous attention to detail are a must-have for this role. If you are looking to join a high-growth Fintech firm and are driven by our mission of promoting a fair, simple, and transparent stock exchange, come join us!

About you:

  • Excellent analytical, critical thinking, and problem-solving skills
  • Self-starter who is proactive and entrepreneurial
  • Organized and detail-oriented
  • Cross-functional team player

What you’ll do:

  • Enhance the three-tier information security risk program
    • Organizational
    • Mission/Business Process
    • Technology
  • Vulnerability Management
    • Management of third-party and internal penetration testing
    • Network scans
    • Security patch management
    • Automated application security testing
  • Vendor Risk Management Program
    • Initial vendor triage
    • Deep dives into high and medium-risk firms with information security questionnaires and meetings
    • Maintain overall vendor risk register
    • Annual update of high-risk vendors
  • Corporate Information Security Threat-Risk Analysis
    • Update and expand annual process
  • Enterprise Risk Management
    • Manage quarterly updates
  • SSAE-16 type II gap assessment & remediation
  • Manage annual Regulation SCI assessment
  • Answer member-initiated information security vendor review requests
  • Information Security evidence co-ordination with auditors and regulatory team
  • Business Continuity Management
    • InfoSec war games
    • Disaster Recovery exercises

Your background:

  • 5-10 years of information security and risk management experience
  • CISSP or CISM certification
  • CRISC or similar risk certification
  • Experience with industry-standard information security risk frameworks
  • Understanding of compliance requirements (FFIEC, Reg SCI, HIPAA)
  • US regulatory examinations experience (SEC, OCC, FRB, FDIC)
  • Experience with SSAE-16 SOC1/2 reviews and external auditors
  • Understanding of information security technologies (SIEM, DLP, firewalls, networking, TCP/IP)

 

Here at IEX, we are dedicated to an inclusive workplace and culture. We are an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information or any other characteristic protected by applicable federal, state or local laws. This policy not only complies with all applicable laws and protects workers’ rights but is vital to IEX’s overall mission and values.


Meet Some of IEX Group's Employees

Adrian F.

Program Management

Adrian keeps stakeholders across Technology, Operations, Product, Sales, Marketing, and Regulatory Teams on the same page and moving forward to hit key milestones.

Tara M.

Co-Founder & Office Manager

Tara has a hand in all IEX's internal and external projects and procedures. She manages everything from office redesigns to employee event planning to scheduling for IEX's Executive Team.

