Arative’s ideal candidate is one excited with the opportunity to innovate on the cutting edge of secure cloud services through deep technical security knowledge and a solid work ethic. In this role, you will be our representative as a subject matter expert on all things relating to information security at Arative.
The ideal candidate will be able to perform from not only a people, process, and planning perspective but also be a key contributor to security architecture and technology decisions. This role will be responsible for developing, implementing and monitoring a strategic, comprehensive security and IT risk management program. The Sr. Security Engineer will also provide the leadership necessary to ensure business alignment, effective governance, system and product availability, integrity and confidentiality of all information security related projects and compliance decisions for Arative. In this role, you will be looked to as a leader in defining, communicating, planning, and executing on all company goals in the privacy, information security and compliance environment.
In this role you will:
- Provide the direction for data and cybersecurity protection, and oversee technology governance and policies.
- Develop security strategy, architecture, incident response and awareness programs.
- Provide strategic risk guidance for products, including evaluation and recommendation of technical controls.
- Collaborate with the compliance team members as needed, and coordinates the IT component of both internal and external audits or assessments security programs are in compliance with relevant laws, regulation policies and security standards
- Develop Arative software solutions, technical processes and other technological means of enhancing the privacy and confidentiality of Arative stakeholders and customers individual’s personal data in data or data sets of data, including anonymization techniques, filtering tools , anti tracking technology, differential privacy tools, synthetic privacy data and secure multi-party commutation.
- Oversees training on appropriate security risk and mitigation strategies and disseminates security policies and practices.
- Assess cybersecurity threats and IT trends and develop effective security controls for data management, collection, storing, retention, deletion, protection and inspection.
- Develop and oversee effective disaster recovery policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
- Evaluates potential security breaches, coordinates response, and recommends corrective actions.
- Define and report on information security metrics.
- Provides project management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
- Maintains current knowledge of industry and regulatory trends and developments for enterprise technology.
- Perform regular pen-testing and code security audits
What’s needed:
- Bachelor’s degree in Computer Science/Engineering/Information Security.
- Knowledge of Protected Personal Information (PPI), European GDPR,COPAA, CAN-SPAM and other data privacy laws and regulations a plus
- CISSP, CISM, CISA, Security+ or comparable Information Security Assurance certification a plus
- SaaS software experience required, fintech experience highly preferred
- Experience with financial industry security governance, including PCI DSS, SOC2 and state regulations a plus
- Experience in establishing cybersecurity and risk metrics for reporting
- Strong communication, both verbal and written
- 100% Self-starter mentality
- Willingness to put in the work and be part of an elite team
- Able to provide references, background check might be required, screening against sanctioned lists will be performed