Senior Information Security Specialist
Description
Envestnet is seeking a passionate and talented Senior Information Security Specialist to join our Yodlee Security team. This is a hybrid role, with in-office work required at either our Raleigh, NC. Remote work is available for the right candidate.
Envestnet is transforming the way financial advice and wellness are delivered. Our mission is to empower advisors and financial service providers with innovative technology, solutions, and intelligence to make financial wellness a reality for everyone.
Since our founding 20 years ago, we are fully vested in helping people live an intelligent financial life. If you love the idea of working in a Fintech company with the environment and excitement of a start-up where you are making everyday impact - then read on.
Job Summary:
Yodlee is seeking a Senior Information Security Specialist for Compliance and Audit that will play a critical role in ensuring the organization meets industry security standards and regulatory requirements, focusing on PCI DSS, SOC2, and other relevant frameworks. This position is responsible for managing compliance initiatives, supporting audits, and working closely with cross-functional teams to align security policies, controls, and documentation. The role also involves driving continuous improvement in compliance practices and supporting a culture of security and accountability throughout the organization.
Job Responsibilities:
- Compliance Program Management:
- Manage and oversee the organization’s compliance with PCI DSS, SOC2, and other relevant security frameworks such as NIST and ISO 27001.
- Develop and maintain policies, procedures, and controls to meet audit requirements, ensuring that the organization is prepared for annual compliance assessments.
- Collaborate with cross-functional teams to communicate regulatory requirements, clarify compliance expectations, and ensure security policies are implemented effectively.
- Manage and oversee the organization’s compliance with PCI DSS, SOC2, and other relevant security frameworks such as NIST and ISO 27001.
- Audit Preparation and Support:
- Lead and coordinate external and internal audit preparation, managing audit schedules, documentation, and control reviews.
- Act as the main point of contact for external auditors and customer security reviews with gathering evidence, responding to inquiries, and ensuring timely completion of audit-related tasks.
- Support internal audit functions by conducting pre-audit assessments, identifying compliance gaps, and implementing corrective actions where necessary.
- Lead and coordinate external and internal audit preparation, managing audit schedules, documentation, and control reviews.
- Risk and Control Assessments:
- Conduct regular risk and control assessments to ensure compliance with PCI DSS and SOC2 requirements, including periodic review of access controls, data protection measures, and logging/monitoring practices.
- Collaborate with teams across IT, Engineering, and Operations to ensure controls are effectively implemented, monitored, and documented for audit readiness.
- Maintain an inventory of IT assets and data flows as required for compliance, supporting documentation for both internal and external assessments.
- Conduct regular risk and control assessments to ensure compliance with PCI DSS and SOC2 requirements, including periodic review of access controls, data protection measures, and logging/monitoring practices.
- Documentation and Process Improvement:
- Develop and maintain documentation for security policies, risk management, incident response, and compliance controls, ensuring consistency and clarity.
- Regularly update documentation to reflect changes in regulatory requirements and compliance standards, especially in line with SOC2 and PCI DSS updates.
- Identify and implement process improvements in the compliance program to streamline evidence collection, control testing, and audit response.
- Develop and maintain documentation for security policies, risk management, incident response, and compliance controls, ensuring consistency and clarity.
- Training and Awareness:
- Develop and deliver training programs on compliance and audit standards, focusing on Privacy, PCI DSS, SOC2, and related regulatory requirements.
- Educate and support teams on compliance-related best practices, ensuring all employees understand their roles in maintaining compliance.
- Keep the team informed on changes in regulatory requirements, providing guidance on any necessary adjustments to policies or controls.
- Develop and deliver training programs on compliance and audit standards, focusing on Privacy, PCI DSS, SOC2, and related regulatory requirements.
- Continuous Monitoring and Reporting:
- Implement and manage continuous monitoring processes to ensure ongoing compliance with security frameworks, including regular control testing and compliance health checks.
- Track and report on compliance metrics, identifying trends, improvement areas, and potential risks to senior management.
- Work closely with SOC and Risk Management teams to review security incidents for compliance implications and support remediation efforts as needed.
- Implement and manage continuous monitoring processes to ensure ongoing compliance with security frameworks, including regular control testing and compliance health checks.
- Third-Party Vendor Compliance:
- Assess third-party vendors for compliance with control standards, conducting security assessments as part of the vendor management process.
- Maintain relationships with vendors and manage documentation of vendor security controls compliance with organizational standards.
- Assess third-party vendors for compliance with control standards, conducting security assessments as part of the vendor management process.
- Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.
- As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
- 5+ years of experience in information security, compliance, or audit roles, with a focus on PCI DSS, SOC2, and similar frameworks.
- Strong understanding of compliance requirements, control frameworks, and audit methodologies.
- Relevant security or compliance certifications such as CISA, CISSP, PCI Professional (PCIP), or CompTIA Security+ are highly preferred.
Key Skills:
- Regulatory Knowledge: In-depth knowledge of NIST, ISO 27001, PCI DSS and SOC2 compliance standards, with hands-on experience managing compliance and audit processes.
- Audit Management: Proficient in coordinating audits, managing documentation, and working with external auditors and internal stakeholders.
- Attention to Detail: High level of accuracy in developing and maintaining documentation and in reviewing controls for compliance.
- Communication: Excellent communication skills for clear and concise compliance reporting, as well as for effective collaboration across teams.
- Project Management: Strong organizational and project management skills, with the ability to prioritize and manage multiple compliance initiatives.
About Us:
Envestnet is a leading independent provider of technology‐enabled investment and practice management solutions to financial advisors who are independent, as well as those who are associated with small or mid‐sized financial advisory firms and larger financial institutions. Envestnet's technology is focused on addressing financial advisors' front, middle, and back‐office needs while leveraging our platform to grow their businesses and expand client relationships.
We offer a highly competitive compensation and benefits package as well as the excitement, challenges, and rewards of a fast-growing, entrepreneurial company.
Why Choose Envestnet:
- Be a member of a leading financial services and products innovation company
- Competitive Compensation/Total Reward Packages that include:
- Health Benefits (Health/Dental/Vision)
- Paid Time Off (PTO) & Volunteer Time Off (VTO)
- 401K – Company Match
- Annual Bonus Incentives
- Parental Stipend
- Tuition Reimbursement
- Student Debt Program
- Charitable Match
- Wellness Program
- Health Benefits (Health/Dental/Vision)
- Work on global projects with diverse, energetic, team members who respect each other and celebrate differences.
Salary:
The annual base salary range for this position is $108,000 to $162,000.
Envestnet is an Equal Opportunity Employer.
Envestnet refers to the family of operating subsidiaries of the public holding company, Envestnet, Inc. (NYSE: ENV).
#LI-SC1