Our mission is pretty simple; we believe that everyone deserves sophisticated financial advice. In just three short years, Wealthfront has rolled out the features and services that now define a new category that we call 'automated investment services.' We are focused on taking services typically reserved for the ultra-wealthy, automating them and delivering them directly to the investors at an incredibly low cost. We have clients in all 50 states who trust us with over $4 billion in assets and growing. With our clients' trust, we believe we can and will change this industry.
Our Infosec team is responsible for safeguarding the security of Wealthfront: from corporate information security through to protection of production systems on the Internet. The Security Administrator works with the CTO and Head of Security to ensure our systems meet the security, privacy and compliance needs of our clients, employees, regulators and the public.
We are looking for someone to handle a number of internal security and audit functions. This is an entry-level to mid-level IT Security position, requiring 2+ years of work experience. IT Security/Audit experience is an advantage, but not a requirement.
To enjoy and thrive in this role, you'll be comfortable with creating and/or following proceduralized processes with high attention to detail. Additionally, you'll need to be technically oriented, well organized and a self-starter.
How you will further our mission
- Perform monthly security compliance activities including; access audits, verification of continued business need for privileged systems access, ensure approvals for user access requests are in place, and generate our monthly security audit and systems access report. (This will consume a minimum of 1 full week each month and 1 full month each year).
- Prepare audit reports and other outputs required for IT / Security / Financial and regulatory audits
- Assist with information security activities including user provisioning, de-provisioning, user access, and restrictions to system
- Create/update procedures related to access, security and system changes. Periodically validate procedures and review they have been followed correctly.
- Perform rolling annual reviews for our 3rd party provider Security assessments.
- Monitoring controls related to IT systems to ensure they follow policies.
- Create reports based analysis of firewall rules, access lists and user access, as to which rules have or haven't been used
- Assist with updating internal IT policies and procedures, and improving processes and controls.
- Be a member of our internal incident response team (on-call 1 week/month)
What you’ll bring to work each day
- A.S. or B.S. in Science / Computer Science / Engineering or equivalent experience
- 2+ years work experience
- Strong attention to detail
- Good writing, communication, and organizational skills
- Passion to aim higher and develop new skills
- Enthusiastic about collaborative problem solving
- Eagerness to solve challenging problems
- An interest in, or experience with network security
Skills you’ll develop (current knowledge is desirable)
- Exposure to audits, auditing or IT audit
- Experience with industry standard SDLC tools, including Confluence, Jira and git
- Security risk and compliance experience at a fast-paced technology company, Big Four public accounting firm, or equivalent (this could include as an intern)
- Experience with SOX, SOC 1/2/3, ISO 27001, PCI-DSS, CSA STAR, HIPAA, FedRAMP/NIST 800-53 and other security based certifications, audits, or compliance standards
Back to top