Information Security Analyst at Betterment

You are a GRC or IT audit professional with at least two years of experience in security operations. This role is ideal if you have a background in public accou

Work type: onsite

Location: Betterment HQ - New York City

Salary: $115,000 – $125,000/yr

Type: Full-time

Summary

You are a GRC or IT audit professional with at least two years of experience in security operations. This role is ideal if you have a background in public accounting or internal audit and are comfortable navigating control governance frameworks. **What makes it worth a look...** Betterment pays $115,000 to $125,000 annually for this position based at their New York City headquarters. You will work on-site four days per week, though the company waives office requirements during summer and winter holidays. **You might be a good fit if you...** * Understand security risk management principles like the CIA triad. * Have direct experience managing security controls for cloud and SaaS applications. * Know how to perform risk assessments and document logical access controls. * Can monitor vulnerability remediation and gather evidence for compliance audits.

Job Description

## About Betterment

[Betterment](http://www.betterment.com/) is a leading, technology-driven financial services company that offers investing, savings and retirement solutions for retail investors and investment advisors as well as financial wellness solutions, including a 401(k) for small and medium-sized businesses. Our team is passionate about our mission, to empower people to build wealth with confidence and ease. We’re headquartered in NYC and offer hybrid NY-based positions (four days/ week in-office, with no required office days during the summer and winter holidays).

About the Role:

We are looking for an information security professional with 2+ years experience in technology operations, technology audit, or GRC. The successful candidate in this role will perform a variety of governance, risk, and compliance activities related to security. Examples of assigned activities will include perform risk assessments for SaaS applications, consulting with application owners to apply strong logical access controls, monitoring and reporting on the timely remediation of vulnerabilities, or gathering evidence to support audits or examinations.

As a technology-driven financial services company, managing information security risk is critical to the trust that we foster with our clients, investors, and regulators. This role will operate within our Govern & Control team, which is a small independent (second line-of-defense) team which is integrated with the broader security program. The role reports to the Director of Information Security, and works closely with the security teams within engineering, lines of business throughout the company, and other risk management teams including Compliance and Legal.

This role is based out of our NYC office. Below we've reflected the base salary range for this position. Actual salaries may vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Betterment’s total compensation package for employees.

• New York City: $115,000-$125,000

A Day in the Life:

• Operates assigned risk management processes such as vulnerability monitoring, due diligence questionnaire completion, audit or examination evidence gathering. A number of AI and automation tools will be available to facilitate increasing efficiency and scale in this work over time. The role will have some flexibility for specialization among the team.

• Perform application-level risk assessments by interviewing and documenting the key business processes and risks related to an application, and providing guidance regarding strong logical access controls to reduce risk. When appropriate, document issues and foster management attention related to remediation for control deficiencies.

• Perform due diligence or ongoing monitoring activities to evaluate security risks introduced through third-party relationships or applications or tools used by employees.

• Contribute to security awareness training or phishing simulation activities for training of employees and contractors.

• Gather data and ensure management attention towards key risk indicator (KRI) metrics for security.

• Monitor assigned issues through regular follow-up and reporting to ensure management attention and timely remediation.

We are seeking a team member with 2+ years experience in technology operations, technology audit, or GRC. They will be a significant contributor to the security program.

The following skills/competencies are required:

• You’ve operated security controls in an IT operations role, or served as a Staff or Senior-level auditor (in public accounting or internal audit), or previously worked in a security role successfully.

• You have knowledge and familiarity with the principles of security risk management, including the CIA triad, design and operation of controls, and one or more control governance frameworks.

• You have a familiarity with security controls applicable to cloud computing and third-party SaaS applications, including logical access management processes, third-party due diligence and monitoring, and more

• You have experience learning new skills, including through research and the use of AI and automation.

We change lives

Join a community of innovators working to transform financial outcomes for real people. Your work will make an impact, always laddering up to our mission: making people's lives better.

We set audacious goals

We set them for the company, our customers, and ourselves—and we won’t stop until we reach them. We don’t just show up; we give our all, then celebrate our wins.

We value all perspectives

When we collaborate, we're at our best. We believe diverse perspectives lead to better outcomes and strive to uphold our supportive and inclusive community.

We invest in you with:

• A competitive suite of benefits, including: medical, dental, and vision insurance; life and AD&D insurance; STD and LTD benefits, including infertility support and World Professional Association for Transgender Health approved benefits; and generous parental leave.

• Flexible paid time off (and encouragement to use it!)

• Meaningful opportunity for community building through our 7 Employee Resource Groups

• Empowerment to own and lead change and affect the business

• Dedicated professional development opportunities

• Lunch from our in-house chef at our NYC headquarters

We’ll take a few weeks to review all applications. If we’d like to spend more time with you, we’ll reach out to arrange next steps, which will include 3-4 sets of meetings with your future colleagues.

In the interview process, we’ll look to learn more about your skills, experiences, capabilities, and motivators. Many of our questions will be aimed at understanding how you might operate here at Betterment. Depending on the role, we may ask you to complete a case study exercise or technical assessments, as we want to collect a robust set of data points to better inform our decisions.

On average, it takes us around 3-5 weeks to make a hiring decision, depending on your availability and sense of urgency. As a best practice, we aim to interview at least 2-3 final round candidates before making a hiring decision. Please note that, as we usually receive an overwhelming number of applications for open positions, we’re unable to offer individual feedback during the interview process.

We recognize that interviewing for a new role is a big deal. We appreciate you considering Betterment as the next step in your career, and our Recruiting Team is here to support and advocate for you through the interview process!

Betterment is dedicated to providing accommodations to candidates upon request. If you need accommodations at any point throughout the interview process, please reach out to your recruiter.Please note that in any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.Come join us!

We’re an equal opportunity employer and comply with all applicable federal, state, and local fair employment practices laws. We strictly prohibit and do not tolerate discrimination against employees, applicants, or any other covered persons because of race, color, religion, creed, national origin or ancestry, ethnicity, sex, gender (including gender nonconformity and status as a transgender or transsexual individual), sexual orientation, marital status, age, physical or mental disability, citizenship, past, current or prospective service in the uniformed services, predisposing genetic characteristic, domestic violence victim status, arrest records, or any other characteristic protected under applicable federal, state or local law.E-Verify Statement

View this job on nocollar jobs