Information Security Vendor Risk Manager
iCapital Network is powering the world’s alternative investment marketplace. Our financial technology platform has transformed how advisors, wealth management firms, asset managers, and banks evaluate and recommend bespoke public and private market strategies for their high-net-worth clients. iCapital services approximately $85 billion in global client assets invested in close to 750 funds across more than 125,000 underlying accounts.
iCapital was named Solutions Provider of the Year at the 2020 MMI/Barron’s Industry Awards and selected to the 2018, 2019, 2020 and 2021 Forbes FinTech 50, a list of the top 50 innovative financial technology companies that are transforming finance through technology.
About the Role
The Information Security Vendor Risk Manager at iCapital Network will evaluate third-party vendors to determine if their information security programs are adequate to protect iCapital information. The vendor risk process includes engaging vendor owners to determine initial vendor risk, reviewing third party risk reports, due diligence questionnaire answers, SOC reports, and policies to determine an overall risk posture of higher-risk vendors. Any outstanding risks will be presented to management for risk acceptance. Once a vendor is approved, the Vendor Risk Manager will track identified deficiencies in their program to remediation. The Vendor Risk Manager will also assist in determining required vendor control standards.
Responsibilities
- Engage with internal vendor owners to determine initial third-party vendor risk ratings.
- Manage third-party vendor risk evaluation services.
- Communicate directly with third-party vendors.
- Perform third-party vendor security assessment activities including evaluation of vendor controls and practices, process enhancements, and reviewing independent audit service reports.
- Escalate outstanding risk items to management for acceptance or rejection.
- Communicate and track remediation plans with third-party vendors, business and technology partners, and where applicable, recommend mitigating/compensating controls.
- Maintain and present metrics on the vendor risk program to management.
- Continuously monitor third party vendor’s security posture and information security risk.
- Advise and guide business and technology partners regarding compensating control alternatives where security requirements cannot be met.
Qualifications
- 5+ years’ experience in an information security role
- 3+ years of IT compliance, IT controls, or risk management experience is desired
- Bachelor's degree in Computer Science or technology/information security-related field
- Experience with RiskRecon, CyberGRX and/or Coupa risk module is a plus
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Controls (CRISC) is a plus
- Understanding of ISO-27000 or NIST 800 based security program standards
- Knowledge of relevant legal and regulatory requirements, as well as privacy laws
- Knowledge of security risks pertaining to cloud (IaaS, SaaS, AaaS) offerings
- Quick learner with a desire to always learn combined with the ability to multi-task
- Attentive, organized, and detail oriented
- Excellent communication skills
Benefits
iCapital offers a comprehensive benefits package that includes a competitive total compensation program consisting of salary, equity for all full-time employees, annual performance bonus, and an employer matched retirement plan; generously subsidized healthcare with 100% employer paid dental, vision, telemedicine, and virtual mental health counseling; and generous paid time off (PTO) featuring unlimited sick time and parental leave.
As we plan to re-enter our offices in 2021, iCapital will offer most employees the flexibility to work remotely one to two days a week. Every department has different needs, and some positions will be designated in-office jobs, based on their function.
While we are currently working remotely due to COVID-19, this position will be based in our Princeton, NJ or Greenwich, CT office.
For additional information on iCapital Network, please visit https://www.icapitalnetwork.com/about-us Twitter: @icapitalnetwork | LinkedIn: https://www.linkedin.com/company/icapital-network-inc
iCapital Network is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.