Information Security Engineer - Risk and Controls
Haven Life is an insurtech innovator, backed and wholly owned by MassMutual that creatively uses technology to advance the life insurance industry and better serve the modern customer.
We combine the culture of a startup with the stability and backing of a Fortune 500 company to create an environment that's truly unique.
Our diverse team is composed of smart, collaborative people who think big, execute quickly and don't take themselves too seriously. We're located in New York's Flatiron District and in case you're wondering, yes, we provide free snacks. Cold brew too.
If you're creative, professional and kind, we'd love to hear from you.
About this role
You will be joining an experienced Information Security team tasked with guiding and carrying out Haven Life’s security agenda. You will be collaborating closely with your team, as well as working hand-in-hand with employees across the broader organization to ensure that security best practices are a standard part of the way our company operates. In addition to strong technical skills, this role will require out-of-the-box thinking and thoughtfulness about how and why you do what you do. The job will be varied and challenging, using the latest tools, techniques, and apps.
WHAT YOU WILL DO
Design, Analyze and Audit Security Controls
- Act as a subject matter expert to ensure alignment with best practices and known IT frameworks
- Design controls and perform internal IT audit assignments to assess the efficiency and effectiveness of IT processes and related controls
- Perform various other reviews of IT policies and procedures such as change management, data management processes and information security to ensure that controls surrounding these processes are adequate
- Interview various teams to map and document their process
Discover, Prioritize and Resolve Mitigations
- Discover gaps using industry-standard programs, evaluating the criticality of identified control gaps leading to prioritization
- Collect and analyze various recommendations for SOC2 and make sure those recommendations are implemented across the organization in a timely manner
- Contribute across other parts of the Security organization
Develop Information Security Plans and Policies
- Develop a set of security standards and best practices for the organization, and recommend security enhancements to management as needed
- Develop strategies to respond to and recover from security incidents
REQUIREMENTS
- 4+ years of relevant IT experience
- BA/BS
- Prior position in IT Governance/IT Audit – internal audit or external auditing firm preferred
- Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations.
- Knowledge of logging, monitoring, incident response and disaster recovery
- Knowledge planning and developing security policies, standards, and procedures
- Ability to work independently or as part of a group effort, as required
- Solid problem-solving ability
- Excellent communication skills
- Must be authorized to work in the US for any employer without requiring Visa Sponsorship
- Must be able to work full-time from our Manhattan office when we return to the office
BENEFITS
We have a stellar team of co-workers, a really cool office, and lots of fun activities. Oh yeah, and we pay competitive base salaries and we reward performance. Our salary structure is commensurate with experience. In addition, you will be eligible to participate in our comprehensive benefits program including medical insurance and 401(K).
The privacy of your personal information is important to us, click here to review our privacy notice.