Vulnerability and Application Security Manager - Assistant Vice President
iCapital Network is powering the world’s alternative investment marketplace. Our financial technology platform has transformed how advisors, wealth management firms, asset managers, and banks evaluate and recommend bespoke public and private market strategies for their high-net-worth clients. iCapital services approximately $70 billion in global client assets invested in close to 750 funds across more than 125,000 underlying accounts.
iCapital was named Solutions Provider of the Year at the 2020 MMI/Barron’s Industry Awards and selected to the 2018, 2019, 2020, and 2021 Forbes FinTech 50, a list of the top 50 innovative financial technology companies that are transforming finance through technology.
About the Role
The Vulnerability and Application Security Manager will develop, deploy, and oversee vulnerability management and aspects of application security across iCapital’s desktop, infrastructure, public cloud, and software-as-a-service providers. The role will champion and guide the maturation of the existing program through the deployment of new scanning, patching, monitoring, and reporting capabilities. Vulnerability management will offer input into iCapital’s security policy, enforcement model, application development, and technology configuration to ensure all desktops, platforms, and applications are compliant and secure.
This candidate must be hands-on, comfortable working in small teams, and interested in continual research to improve both their own knowledge and iCapital’s platforms and tools.
Responsibilities
- Manage and improve the vulnerability management process, including tools, reporting, and governance.
- Detection and assessment of vulnerabilities across endpoints, public cloud, and SaaS environments.
- Manage third-party penetration testing teams.
- Monitor and report on vulnerabilities and patch status.
- Verification of the baseline configuration, performance of compliance tests, and monitoring of drift.
- Identify and manage tools for scanning, mitigations, corrective actions, verification, and policy exceptions.
- Risk modelling and cooperation with SOC in risk analysis.
Qualifications
- 5+ years’ experience in a highly technical Information Security role
- 3+ years’ experience in vulnerability management across operating systems, applications, and cloud security configurations
- 3+ years’ experience with security technologies and applications in enterprise and cloud environments (e.g., vulnerability scanners, IDS, firewalls, proxies, networks, laptops, desktops, wireless access points)
- 2+ years’ experience with information security responsibilities related to custom-built software products in the public cloud
- BS/BA degree (e.g., Computer Science/Engineering, Business)
- Master’s degree or other advanced degree in the field of cybersecurity
- Experience in the telecommunications, financial services, defense, or government industries
- Working knowledge/experience with Python, SQL, and REST APIs
- Experience implementing security controls within the CI/CD as it relates to containers
- Experience with information security best practices, including a good understanding of OS concepts, process management, and resource scheduling in Windows and Linux environments
- Strong understanding of cybersecurity threats and technology-related risk
- Ability to work independently or as part of a group
- Solid problem-solving abilities
- Strong ability to review system and application data and develop metrics and reporting
- CISSP or related experience
Previous Experience
- Developed and defined Vulnerability Management process
- Detection and assessment of vulnerabilities
- Monitoring and reporting of vulnerabilities
- Activities in the Vulnerability Management process
- Verification of the baseline configuration and performance of compliance tests
- Recommendations of mitigation and corrective actions and verification of their implementation
- Risk modelling and cooperation with SOC in risk analysis
- Understanding of how to read and assess vulnerability disclosures (CVE, CVSS)
- Management of third-party penetration testing teams
Benefits
iCapital offers a comprehensive benefits package that includes a competitive total compensation program consisting of salary, equity for all full-time employees, annual performance bonus, and an employer matched retirement plan; generously subsidized healthcare with 100% employer paid dental, vision, telemedicine, and virtual mental health counseling; and generous paid time off (PTO) featuring unlimited sick time and parental leave.
As we plan to re-enter our offices in 2021, iCapital will offer most employees the flexibility to work remotely one to two days a week. Every department has different needs, and some positions will be designated in-office jobs, based on their function.
While we are currently working remotely due to COVID-19, this position will be based in our NYC or Princeton, NJ office.
For additional information on iCapital Network, please visit https://www.icapitalnetwork.com/about-us Twitter: @icapitalnetwork | LinkedIn: https://www.linkedin.com/company/icapital-network-inc
iCapital Network is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.