Information Security Analyst

New York, NY, United States

Novata

For the metrics that matter to your firm, we make data collection, reporting, and insights easy and practical.

View company page

Novata is a public benefit corporation created and funded by a unique consortium of foundations and private sector companies including the Ford Foundation, the Omidyar Network, S&P Global, and Hamilton Lane. We are a for-profit, mission-driven company with a goal of empowering the private markets to build a more inclusive and sustainable form of capitalism. By bringing together the brightest minds in financial data, private equity, social justice and inclusive capitalism, we aim to build the best technology and tools for the private markets to better collect, analyze, benchmark, and report ESG (Environmental, Social, Governance) data. We have an experienced and diverse team who are as ambitious about growing a successful company as we are about making an impact. We hope you’ll join us.

About the role

We’re a hybrid team of engineers, security operations partners, and DevSecOps

specialists with a mixture of backgrounds and technical disciplines distributed globally. Our highest priority is to ensure the protection of our data assets and systems in support of our SaaS platform business model. We’re strong believers in the principles of agile and hybrid teaming with our software engineering function to ensure a secure by design approach is applied to all systems implementation, enhancement and operation..

This role reports to the Novata Information Security Director, with responsibility for conducting a broad range of security operations and security engineering tasks including supporting security architecture reviews, data loss prevention, cloud

security posture management, incident response, incident investigation, identity and access management, platform and data security monitoring, and risk management.

You will:

Support a variety of proactive security readiness activities including continued enhancement of our data loss prevention program, vulnerability management, and cloud security posture management.

Work closely with key stakeholders including executive leadership, product engineering, product management, information technology, people team, and legal.

Identify opportunities and implement best practices to continuously improve our security posture and readiness to respond to security threats.

Play a supporting role in maintaining and enhancing our security program in support of both SOC 2 and ISO 27001 certification standards.

Review and recommend enhancements to policies, controls, processes and standards.

Support investigation and analysis of technology tooling to improve our Security posture.

Play a leading role in upholding Secure by Design principles across the company wide SDLC chain, including robust threat modeling.

Support supply chain risk management assessment of vendors and technology partners to ensure alignment with security obligations of our customers.

Requirements

You should have:

Excellent communication and leadership skills, and are able to work collaboratively and respectfully with other team members.

Experience working in a non-security focused role whether that be network, infrastructure, cloud, data engineering, IT Operations or software engineering.

The ability to establish rapport and trust with key stakeholders at all levels of the organization from individual software developers to executive leadership.

A passion and demonstrated ability to support information security, cyber security, data protection, disaster readiness, risk management, and security operations.

A passion for continuous learning and awareness of new capabilities and solutions that support our enterprise security ecosystem.

You might have:

Prior working experience in highly regulated industries including National Defense, Aerospace, or Financial Services.

Prior working experience with technology partners such as Okta, Metomic, Proofpoint, AWS, Azure, Jamf or Intune.

Prior working experience in a large international consulting organization, whether focused on security or other technical domains.

Active security certifications such as SSCP, CCSP, CGRC, Security+ or CEH.

We want our employees to have the best opportunities at work and in life. We know that requires us to provide more than just a great place to work. We are committed to providing industry leading benefits and flexibility that allows you to achieve all your life goals. Here are the important highlights:

Competitive salary

reviewed annually to account for market shifts

Robust leave policies (PTO, parental leave, VTO)

Flexible work environment with support for hybrid remote work and office based access in either Manhattan or London

Opportunities for personal and professional development

An experienced, mature and extremely enthusiastic team that thrives on collaboration

Why Join Us?

Novata is a mission-first company built to enable the private markets to drive more impact. We are at the unique intersection of ESG, the private markets, and mission driven impact. We are well-funded, have a top tier executive leadership team, and have experienced a successful commercial launch in the first half of 2022. We have a highly aggressive growth plan to establish ourselves as the industry leader of ESG with immediate plans for product and international expansion.

Members of our leadership team have been globally recognized for their success as leaders of large public companies, founders of successful startups, leaders of established ESG organizations, and builders of robust tech platforms. We are passionate, highly motivated, and experienced individuals who embrace our diverse backgrounds. Together, we will become the platform of choice and a catalyst for a change in the way business is done.

Novata is an Equal Opportunity Employer and it is our policy that we will not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other protected category with respect to recruitment, hiring, training, promotion and other terms and conditions of employment.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr