Associate Lead
Information Security
Posted on 1/31/2024
Yodlee

501-1,000 employees

Data aggregation and analytics platform
Company Overview
Yodlee's mission is to help as many Americans as possible to see their complete financial data.
Data & Analytics
Fintech

Company Stage

N/A

Total Funding

$742M

Founded

1999

Headquarters

Redwood City, California

Growth & Insights
Headcount

6 month growth

-8%

1 year growth

-20%

2 year growth

-42%
Locations
Remote in USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Communications
Management
JIRA
Confluence
Categories
IT & Security
Requirements
  • Bachelor’s degree in Computer Science, Engineering, Information Systems, Business, or other information security disciplines OR 5+ years of relevant professional experience in Information Security or IT Risk Management
  • Ability to prioritize tasks and make quick decisions, and a strong understanding of security controls and governance
  • Understanding of legal and regulatory compliance standards and requirements against data and IT, including CIS, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST, and COBIT
  • Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization
  • Can multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
  • Ability to understand technology, management, and leadership issues related to organization processes and problem-solving
  • Knowledge of new and emerging information technology (IT) and cybersecurity technologies
  • Knowledge of information security program management and project management principles and techniques
  • Knowledge of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.
Responsibilities
  • Engage in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks
  • Assist with client management aspects, including questionnaires and timely response to client queries and concerns
  • Handle technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations
  • Provide technical support during the entire audit process, including following up on audit findings for remediation
  • Proactively collect, document, and store evidence needed for client audits
  • Engage SMEs from different business units through quarterly meetings
  • Communicate client security control requirements to the SM team through regular training sessions
  • Proactively engage SMEs to update the evidence library with new information
  • Review FAQs for all business units annually and update with the latest information
  • Develop and maintain customer-facing Security overview presentations
  • Manage new vulnerabilities from external sources, internal penetration tests, or client notifications
  • Identify the impact of vulnerabilities and generate initial communications for clients
  • Attend real-time vulnerability calls for urgent issues and follow up on remediation progress
  • Update and respond to technical issues raised by the RFP team
  • Organize SharePoint folders for easy access to information and evidence
  • Manage Jira updates and maintain accuracy in the CA Confluence space
  • Review and update the Client Assurance Standard Operating Procedure after consulting with the team
  • Coordinate SME support for client audits in collaboration with the CA Service Management team
  • Train teams on security controls and processes monthly, storing sessions in an easily accessible location
  • Educate the Service Management team on updates and new developments in the security space
  • Coordinate training opportunities from SMEs for the team to learn different security controls
  • Orchestrate the annual review with Compliance of company-wide Security information presentations
  • Support client-facing teams in sales meetings and client communications requiring security specialist support
  • Operate with urgency for fast turnaround in competitive situations
  • Engage in SOC operations threat tracking
  • Participate in incident management, change control meetings, and cloud migration initiatives
Desired Qualifications
  • Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools