Manager, Information Security (GRC)
Apex Fintech Solutions (AFS) powers innovation and the future of digital wealth management by processing millions of transactions daily to simplify, automate, and facilitate access to financial markets for all. Our robust suite of fintech solutions enables us to support clients such as Stash, Betterment, SoFi, and WeBull, and more than 20 million of our clients' customers.
Collectively, AFS creates an environment in which companies with the biggest ideas in fintech are empowered to change the world. We are based in Dallas, TX and also have offices in Austin, New York, Chicago, Los Angeles, Portland, and Belfast.
If you are seeking a fast-paced and entrepreneurial environment where you'll have the opportunity to make an immediate impact, and you have the guts to change everything, this is the place for you.
AFS has received a number of prestigious industry awards, including:
- 2021, 2020, 2019, and 2018 Best Wealth Management Company - presented by Fintech Breakthrough Awards
- 2021 Most Innovative Companies - presented by Fast Company
- 2021 Best API & Best Trading Technology - presented by Global Fintech Awards
Apex Fintech Solutions is looking for a Manager, Information Security to join our team! In this role, you will lead the Apex Governance, Risk and Compliance (GRC) information security program for our organization. The primary objective for this role is to establish best-in-class Security, Risk & Privacy programs and policies that safeguard firm infrastructure and applications, and to lead and develop a team that manages ongoing risk and compliance workstreams within the Information Security team.
What you’ll do all day:
- Manage the GRC security program. You will have direct oversight of our security program, helping to manage the development, implementation and enforcement of firm-wide policies, procedures, and best practices, and ensuring they are best-in-class, reviewed regularly, and kept up to date.
- Guide business and operational infrastructure. You will work closely with business teams, leadership, our compliance team, and external entities (audit agencies, regulatory bodies) to ensure communication, cooperation, and compliance of information security practices and requirements.
- Vendor assessments. You will be involved in vendor risk assessments and communicate them to business partners.
- Focus on security practice and compliance. You’ll provide actionable recommendations on new and existing security processes, technologies, and standards. This includes reporting and metrics on the alignment of controls to risks and measuring program maturity against them.
- Work in a fast-paced environment. You’ll work tirelessly with your teammates to achieve timely deliverables and ensure security practices stay top of mind.
We’re looking for someone who:
- Is self-directed. You’re driven, motivated, and eager to succeed.
- Is a leader. You can lead multiple, high-visibility projects that require constant communication and collaboration with cross-functional teams and external parties.
- Has strong technical skills. You love technology and want to stay hands-on, always learning new security standards, tools, and approaches.
- Is adaptable. While you enjoy establishing processes and standards, you understand the need to be flexible and enjoy trying new things.
- Operates with integrity. You always conduct yourself with honesty and operate ethically. You say what you mean, and mean what you say.
A few reasons why you might love us:
- The team is great. You’ll work cross-functionally with teams across the organization that have a vested interest in maintaining strong security practices. You’ll be managed by people who care about you and invest in your success.
- Your success will be recognized and appreciated. You’ll be able to see your direct impact on our growth. You won’t be just another cog in the wheel.
- The work environment is amazing. Our office space is really cool, open, and sleek. We provide free beverages, snacks and have fun while working hard.
The skills you’ll need to succeed:
- 7+ years of professional experience, with at least 5 years involving information security, risk management, compliance, and privacy of non-public personal data.
- Experience with information security and privacy risk assessments and audits of IT general security controls.
- Expertise in security and privacy compliance standards and control frameworks, e.g., SOC 1/2, NIST CSF.
- Strong understanding of data privacy regulations, e.g., CCPA, GDPR, HIPAA, PIPEDA, UK DPA and Privacy Shield.
- Strong understanding of and experience in enabling GRC solutions and a common control framework for data regulations.
- Must have a thorough understanding of control and risk management concepts.
- Must have strong leadership and excellent communication skills.
- Must be able to lead high-visibility projects that require collaboration with cross-functional stakeholders to develop and implement consensual decisions.
- Must be well organized, solution-oriented and have strong process management skills.
- Experience with the phases of the software development lifecycle.
- Bachelor’s degree or equivalent work experience required.
- CISA, CRISC, CISM, CISSP or CIPP certificate a plus.
- Experience in a highly regulated industry is a plus.