Senior Analyst - Information Security

Computers/Software Trivandrum, Kerala ReqID:6290


Description

Information Security – Client Assurance Service Management

  • Coordinate Information Security support for prospect calls, ensuring swift responses in competitive scenarios.
  • Manage the On-Call rotation schedule and Jira requests, ensuring proper ticket handling and effective communication with stakeholders.
  • Handle initial assignment and reassignment of tickets, ensuring closure and professional engagement with the Security Analyst team.
  • Coordinate client assessments, develop Project Plans, and review due diligence questionnaires.
  • Communicate effectively with customers, promptly closing tickets with clear and professional responses.
  • Identify and capture risk concerns, mapping audit evidence to NIST controls.
  • Own all tickets coming into the client assurance portal, managing SLAs and completion of requests, including third-party risk and Vendor management reviews.
  • Ensure all activities are properly documented, tickets are communicated professionally, and documentation is organized efficiently.
  • Develop and document processes for the entire team, managing adherence to evolving requirements.
  • Oversee day-to-day activities of the Client Assurance support resources, including Service Management and Security Analyst functions in the US and India.
  • Work with HR, Compliance, Legal, Sales, and Engineering to ensure the team has the latest information for successful third-party audits.
  • Own the tooling and management of processes related to Jira, Loopio, and other reporting or Audit tools, ensuring continuous improvement for the overall Information Security function.
  • Responsible for new hire training and ongoing, up-to-date training for the larger Enterprise security team to meet compliance requirements.
  • Assist with required governance, risk, compliance and audit tasks or activities, such as audit evidence collection (e.g., SOC2, SOC1, PCI).

General Responsibilities

  • Organize and update content on the Information Security page, facilitating access for new employees.
  • Organize SharePoint folders for easy access to Service Management information.
  • Review and update Client Assurance Standard Operating Procedure, ensuring alignment with the team's evolving needs.
  • Schedule and lead monthly RFP meetings, providing guidance on process changes.
  • Update the Client Assurance section of the weekly Control Report and present relevant information during management calls.
  • Identify ongoing training for team members, stay informed about security conferences, and educate the team on relevant tools.

Requirements

  • Strong communication (verbal and written) and presentation skills.
  • Self-starter who can operate effectively at a high level under limited supervision.
  • Bachelor’s/Master’s in Engineering/Cybersecurity or equivalent.
  • CISA, CISM, CISSP certifications would be an added advantage.
  • Knowledge of NIST Risk Management Framework (RMF), GRC tools.
  • Ability to prioritize tasks and make quick decisions, with a strong understanding of security controls and governance.
  • 2 - 5 years of experience in a client service or ITGC auditee/auditor function handling complex requests and audit responses.
  • Previous management experience would be a plus.
  • A strong understanding of cybersecurity principles, concepts, and best practices.
  • Familiarity with compliance frameworks or standards such as NIST, GDPR, SOC 1 and SOC 2, and PCI DSS service providers is an added advantage.
  • Ability to understand, prioritize, and escalate tasks to resolve issues quickly and make decisions.