Director, Information Security Risk Manager

2 Months ago • 10 Years + • Risk Management

Job Summary

Job Description

Envestnet is seeking a Director, Information Security Risk Manager to join their Technology department. This hybrid role, based in Berwyn, PA, involves coordinating enterprise-wide risk management using Cyber Security Towers for effective operations. The Director will lead a team of cyber professionals, collaborate across departments to resolve audit, risk, and control issues, and ensure compliance with Envestnet's policies and industry best practices using the NIST framework. Responsibilities include refining security policies, conducting risk and control assessments, managing the insider threat program, overseeing third-party risk management, ensuring control effectiveness, communicating security risks to stakeholders, and managing incident response processes. The role requires a strong background in information security risk management and cybersecurity, with experience in frameworks like NIST Cybersecurity Framework and NIST Risk Management Framework.
Must have:
  • 10+ years in cybersecurity risk assessment
  • 7 years in risk management leadership
  • Expertise in Cloud/On-Premises environments
  • Experience with cloud and AI security
  • Experience in SaaS provider risk management
  • Industry cybersecurity certifications (CISSP, CRISC, etc.)
  • Strong communication and analytical skills
Good to have:
  • Experience with NIST AI Risk Frameworks
  • Familiarity with Archer GRC tool
  • Experience with Agile, Kanban, or ITIL frameworks
  • Experience developing attack scenarios
  • Knowledge of threat contextualization
Perks:
  • Health Benefits (Health/Dental/Vision)
  • Paid Time Off (PTO) & Volunteer Time Off (VTO)
  • 401K – Company Match
  • Annual Bonus Incentives
  • Parental Stipend
  • Tuition Reimbursement
  • Student Debt Program
  • Charitable Match
  • Wellness Program

Job Details

Description

Envestnet is seeking a Director, Information Security Risk Manager to join our Technology department. This is a hybrid role, with in-office work required at our Berwyn, PA office location.

Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients. 

Envestnet’s Strategy:

  • Deliver the industry-leading wealth management platform, powered by advanced data and insights 
  • Leverage our scale and efficiencies to serve our clients’ needs comprehensively 
  • Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment

For more information, please visit www.envestnet.com.

Job Summary: 

The Director of Information Security Risk Management will coordinate enterprise-wide risk management, leveraging Cyber Security Towers for cohesive and effective operations. Leading a team of cyber professionals, the Director will collaborate across departments to efficiently resolve audit, risk, or control issues. Utilizing the NIST framework, the Director will ensure compliance with Envestnet’s policies and industry best practices, overseeing and enhancing risk management activities to achieve exemplary audit and assessment reports.

Reporting to the Head of Information Security, the Director will lead the Information Security Risk Management function, bringing a blend of technical acumen and strategic insight. The ideal candidate will effectively communicate with stakeholders and guide team members in alignment with our security culture and business priorities. They will possess a strong background in information security risk management and cybersecurity, with experience in frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, and NIST AI Risk Frameworks.

Job Responsibilities:

  • Review, assess, and manage security policies, processes, and standards; refine and enhance the information security program based on NIST and other frameworks; manage the development and maintenance of security policies and standards, including an effective exception process.
  • Lead the information security risk management function, conducting risk and control assessments; ensure all risk management activities are documented and organized within the Archer GRC tool; manage the insider threat program; drive risk management activities and process improvements; track and report on risk remediation efforts.
  • Oversee the team responsible for third-party and supply chain risk management using Agile, Kanban, or ITIL frameworks.
  • Ensure control effectiveness assessments align with NIST-based policies and standards; collaborate with cross-functional teams to assess control effectiveness; ensure timely responses and management of all risk, audit, and policy management activities.
  • Communicate identified security risks and their potential impact to stakeholders; provide regular reports, presentations, and updates on risk activities and outcomes to senior management; develop and present detailed reports on risk assessments.
  • Review, refresh, and execute the incident response policy, process, and plan; act as incident manager for Cyber Governance in collaboration with the Security Operation Center and other teams.
  • Refine and manage the enterprise security awareness program to effectively reduce risks within the employee base.
  • Provide metrics and outcome-based performance indicators on risk management activities and assessment results using risk quantification.
  • Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
  • Own the tooling and management of the risk management process related to Archer, ensuring continuous improvement for the overall information security risk management function.
  • Adhere to and apply Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s), including the timely completion of training and awareness, affirmations and testing as requested.
  • As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.

Required Qualifications: 

  • 10+ years in cybersecurity roles within IT services at an enterprise scale, focusing on security risk assessments (quantitative and qualitative).
  • 7 years in risk management leadership roles leading teams for financial institutions.
  • Extensive expertise in both Cloud and On-Premises hosting environments.
  • Experience with cloud and AI security best practices and technologies (e.g., AWS, Azure, GCP) within a SaaS provider.
  • Direct experience with driving risk management and assessments for enterprise-level program evolution.
  • Familiarity with risk management and assessment of cloud services and various cloud models, specifically in the financial sector.
  • Experience leading, assessing, and managing risk in SaaS service providers.
  • Certifications:
    • One or more industry-recognized cybersecurity certifications (e.g., CISSP, ISSMP, CRISC, CISM, CERT, CISA).
  • Skills and Abilities:
    • Comprehensive understanding of security requirements throughout the software development lifecycle and CI/CD process.
    • Excellent communication skills, capable of articulating complex technical concepts to diverse audiences.
    • Strong analytical and problem-solving skills, with attention to detail and accuracy.
    • Ability to manage conflict, solve problems, make decisions, and communicate effectively both orally and in writing.
    • Demonstrated success in driving impactful results and fostering collaboration across globally distributed teams.
    • Proven expertise in managing incident and emergency response processes, ensuring seamless coordination across cross-functional teams.
    • Experience managing large-scale high-risk projects from concept to delivery.
  • Technical Knowledge:
    • Experience developing attack scenarios for risk management and assessment activities.
    • Knowledge of threat contextualization and ingestion into risk management and cyber roadmap processes.
    • Experience implementing and leading security risk remediation programs, including technical implementation and compliance considerations.
    • Familiarity with the convergence of various cyber control frameworks and generating control requirements in the context of risk management.

Envestnet: 

  • Be a member of an innovative and industry leading financial technology and solutions company 
  • Competitive Compensation/Total Reward Packages that include:
    • Health Benefits (Health/Dental/Vision)
    • Paid Time Off (PTO) & Volunteer Time Off (VTO)
    • 401K – Company Match
    • Annual Bonus Incentives
    • Parental Stipend 
    • Tuition Reimbursement
    • Student Debt Program
    • Charitable Match 
    • Wellness Program
