About LearnVest

LearnVest is redefining the American approach to personal finance. Our planners leverage financial technology to create simple, affordable, realistic plans for anyone who wants to feel confident about their money and optimistic about the future.

Since launching in 2010, LearnVest has been one of the premier financial technology companies in the country, helping thousands of people make progress on their financial goals. LearnVest was acquired by Northwestern Mutual in 2015 and is now scaling its technology and personal finance approach to help millions of people across both the LearnVest and Northwestern Mutual brands.

Description:

Learnvest is a strong engineering-driven environment; we rely on the creativity, technical excellence and dedication of our engineers to create world class products for our planners and financial representatives.

Our environment is a rapidly evolving mix of microservices running on different cloud configurations. We are looking for strong information risk associates with 2+ years of experience in risk assessment and remediation, to help identify, prioritize and record security and information risk, and provide solutions, and mitigate risks. Big4 or Big 6 client facing IT Security/Risk Remediation experience is a plus.

 Environment: Linux, AWS, Kubernetes, Docker, Ansible, Terraform, Java, etc.

Responsibilities:

• Consult with risk owners to select and align risk responses with business objectives and enable informed decisions
• Analyze risk scenarios based on organizational criteria 
• Identify the current state of existing controls (system architectures, networking, processes, etc.) while evaluating their effectiveness for IT risk mitigation
• Review the results of risk & control analysis; assess any gaps between current and desired states of the IT risk environment
• Communicate risk assessments to engineering and executive stakeholders to enable risk-based decision-making
• Establish clear lines of accountability by ensuring ownership of controls
• Work with system owners to approve and document deviations from information risk standards
• Author security requirements ensuring compliance with standards, laws, and regulations

Requirements:

• College Degree in Information Security, Computer Science or similar
• 2-5 year’s professional experience working in information risk management, security controls, and process design
• Experience with a range of Risk Related tools including RSA Archer
• Experience with any combination of Static and dynamic scanning tools:
• App Scanning: Veracode, App Spider, Checkmarx, OWASP ZAP, Burp Suite, etc. 
• Infrastructure & image scanning tools: BlackDuck, Qualys, Clair by CoreOS, etc.
• Awareness of the ever-evolving IT Security industry
• Experience managing regulatory, compliance, privacy and legal requirements
• Security Certifications are a plus - CISSP, CRISC, CISA, CEH, CPT, etc.