Envestnet/Yodlee - Information Security Auditor

Information Security Auditor- BLR - India

Yodlee Company Description

Position Summary :

The Information Security Auditorrole is responsible for auditing & supporting the Yodlee's Information Security & Privacy Audit and Compliance Program. It involves supporting, reporting and documenting the effectiveness of the program. This is a hands-on position that requires practical experience in the areas of information security, privacy, audit & risk management.

- The candidate isprimarily responsible for executing defined security and privacy related audit activities. The analystalso helps in the application of security policies and standards across the company, including software engineering, finance, operations, and IT.

- This position is a member of the Yodlee Security Office and reports to the Sr. Manager - Information Security.

- The ideal candidate will have 1-3 years of practical information security, privacy, audit and risk management experience in a regulated environment. The Yodlee Security Office is a dynamic function, providing the opportunity for significant growth in knowledge and experience in the areas of information security, risk management& privacy.

Primary Responsibilities :

- Perform internal audits and ensure compliance against Yodlee policies and external laws.

- Maintain the audit program and provide periodic reports to stakeholders.

- Improve on reporting mechanisms for the audit function

- Track remediation of any findings from internal or external assessments.

- Identify security risks and develop solutions to eliminate or minimize risks.

- Contribute to the data risk management program

- Support the team in risk management activities

- Support the vendor risk & client risk management program across the organization

- Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems/ environments.

- Participate with the implementation of security initiatives

- Support team to implement the GRC initiatives with respect to audit programs

Requirements :

- Engineering Graduate in Computer Science, Information Systems, or related field

- 1-3 years in an Information Security role with progressive experience in the following areas :

- Security audits and assessments - information, network, application, etc.

- Information or IT risk management and compliance

- Understanding of Privacy regimes

- Moderate-level knowledge of and experience with:

- TCP/IP architecture, routing protocols and security

- Windows OS and Active Directory security concepts

- Solaris and Linux host and network security concepts

- MS Office (Word, Excel, PowerPoint, Access)

- Excellent organization, communicationand presentation skills with the right attitude

- Ability to multi-task

- General professional writing proficiency

- Experience in the financial services industry is preferred