Envestnet/Yodlee - Senior Information Security Auditor

Sr. Information Security Auditor- BLR - India

Yodlee Company Description

Please fill-in.

Position Summary

- The Sr. Information Security Auditor role is responsible for running the Yodlees Information Security & Privacy Audit and Compliance Program. It involves performing, supporting, reporting and documenting the effectiveness of the program. This is a hands-on position that requires practical experience in the areas of security & privacy audit & risk management.

- The candidate is primarily responsible for executing defined security and privacy related audit activities. The auditor also helps in the application of security policies and standards across the company, including software engineering, finance, operations, and IT.

- This position is a member of the Yodlee Security Office and reports to the Sr. Manager - Information Security.

- The ideal candidate will have 5-6 years of practical information security, privacy, audit and risk management experience in a regulated environment. The Yodlee Security Office is a dynamic function, providing the opportunity for significant growth in knowledge and experience in the areas of information security, risk management & privacy.

Primary Responsibilities

- Perform internal audits and ensure compliance against Yodlee policies and external laws.

- Maintain the audit calendar & program and provide periodic reports to stakeholders.

- Improve on reporting mechanisms for the audit function

- Track remediation of any findings from internal or external assessments.

- Manage the audit risk assessment program

- Identify security risks and develop solutions to eliminate or minimize risks.

- Contribute to the data risk management program

- Support the team in risk management activities

- Support the vendor risk & client risk management program across the organization

- Assist with successful implementation and enforcement of security policies and procedures across old & new technologies / systems/ environments.

- Participate with the implementation of security initiatives

- Support team to implement the GRC initiatives with respect to audit programs

Requirements

- Engineering Graduate in Computer Science, Information Systems, or related field

- 5-6 years in an Information Security role with progressive experience in the following areas:

a) Audits and assessments - information security, network security, application security, physical security, privacy etc.

b) Information or IT risk management and compliance

- Knowledge of various standards like ISO 27K, CoBIT, PCI-DSS, etc.

- Understanding of Privacy regimes

- Moderate-level knowledge of and experience with:

TCP/IP architecture, routing protocols and security

Windows OS and Active Directory security concepts

Solaris and Linux host and network security concepts

Application Security concepts from an audit perspective

MS Office (Word, Excel, PowerPoint)

- Excellent organization, communication and presentation skills with the right attitude

- Ability to multi-task

- General professional writing proficiency

- Experience in the financial services industry is preferred