Senior Information Security Analyst
Geode Capital Management, LLC is seeking a Senior Information Security Analyst. This is a dual role in Information Security and Third-Party Oversight functional areas. The primary responsibilities include assisting with Geode’s Information Security initiatives and overseeing a comprehensive Third-Party Oversight Program. This position will report to the Director of Information Security and work closely with business units, Finance, Legal/Compliance and Technology teams. The ideal candidate will be passionate about identifying, managing, communicating, and reducing risks, thereby enabling risk focused culture and effective Information Security practice.
This is a hybrid work environment opportunity with a weekly in-office schedule of Tuesdays, Wednesdays, and Thursdays with remote work availability on Mondays and Fridays.
Responsibilities:
- Partner with Technology, Internal Audit team and other teams to analyze security controls to ensure that Geode’s security requirements are implemented for effective security posture.
- Assist with implementing Information Security requirements (e.g., policies, standards, procedures, controls) and key project initiatives such as, but not limited to, application security, vulnerability management and Access Control Management etc..
- Document and maintain the implementation of security controls and assist with developing best practices and security standards for the organization.
- Assist enhancing Third-party Oversight Program and related processes in alignment with risk management frameworks and relevant regulatory requirements. Act as the point of contact and coordinate with multiple vendors during the onboarding process.
- Accountable for performing/oversight of vendor risk assessments, periodic monitoring, process documentation, risk remediation, and reporting (both internal and external).
- Collaborate with key partners to identify opportunities and deliver training to build awareness of Information Security risks and risk management processes.
- Provide support and input for related audits or examinations from internal/external parties and collaborate with relevant stakeholders to ensure findings are appropriately remediated.
- Ensure issues, risks and action items are well documented, reviewed and communicated to all parties involved in a timely manner.
- Perform additional duties as required.
Skills You Bring:
- 7+ years of experience in Information Security with broad working knowledge of information systems and latest technologies is required.
- Bachelor’s degree in Information Security, Technology, Computer Science or related field is required.
- Experience in Information Security domains such as Information Security Governance, Compliance, Regulations, and knowledge in frameworks like CIS, NIST and ISO 27001, and SOC reports is required.
- Third-party risk management experience preferably in the financial services industry, conducting risk assessments and thorough knowledge in third-party risk assessment methodologies and concepts.
- Certifications such as CISSP, CISM, CISA preferred, but not required.
- Working experience with a GRC platform, prefer RSA Archer, incorporating continuous improvement for the system and process is preferred.
- Strong critical thinking skills and the ability to solve problems as they arise, including ability to map processes/workflows and requirement gathering.
- Solid project management skills (organizing, planning, reporting, documenting driving tasks to closure, etc.).
- Excellent communication and interpersonal skills with business partners and key stakeholders are critical for this role.
- Comfortable working in a fast-paced and small company culture environment.
Company Overview:
Founded in 2001, Geode is headquartered in Boston’s financial district, the center of one of the world’s most vibrant finance and technology hubs and employs approximately 170 employees.
Geode is an institutional asset manager providing core beta exposures across a range of equity and niche asset classes, with over $1 trillion in AUM as of December 31, 2023. With a robust infrastructure and experienced investment professionals, Geode offers the scale of a large asset management firm with the benefits of a smaller organization.
Geode is proud to be an equal opportunity employer and support a diversified work environment. Learn more about Geode at www.geodecapital.com/careers.