Information Security Architect

Join Upstart as our Information Security Architect, where you will bring security controls into our cloud infrastructure. Reporting to the Head of information Security, you will set up security incident and event management within Upstart. You’ll play a key role in ensuring security controls through design and architecture in our infrastructure, creating protocols for how we restrict access and data to specific users, and identifying and rectifying cases in which our infrastructure and data processing applications/databases isn’t secure or secure enough. You will also be a thought leader and represent Upstart at security conferences and events. As one of the first members of this team, you will also have an opportunity for growth into management.

Here is more about what you’ll be doing:

• Managing security compliance in all infrastructure-related projects including mapping Technology compliance into our infrastructure
• Partnering with engineering and dev-ops to provide security guidance in managing secure networking, securing IT assets and defining requirements for our Devops Team 
• Building out Upstart’s future through infrastructure by creating AWS-based security controls from scratch using a variety of AWS tools
• Set up a regular vulnerability scanning tools and manage remediation of identified issues
• Conducting infrastructure security audits, penetration tests, and periodic access reviews to applications and infrastructure
• Owning security controls relating to application access and data encryption
• Leading vulnerability management and incident management procedures
• Keeping abreast on all compliance/regulatory news and information in fintech to ensure Upstart is at the forefront of changes in the industry
• Actively participating in open source forums (e.g OWASP) and cloud infrastructure conferences

Requirements:

• 5+ years of experience in information security, preferably with experience in enabling security incident and event management
• 3+ years of experience in a leadership role
• Certification in IT or cybersecurity (e.g. CISSP or CISM) will strengthen consideration
• Experience working in high-security/high-compliance environments, Maintain compliance requirements with international standards such as (SOX, SOC2 and ISO27001)
• Experience setting up and working with AWS Inspector, Kinesis - Lambda based security response, Macie, Gaurd Duty, Config and Config rules
• Experience setting up and working in security operations
• Ability to define high-level strategy for security/compliance monitoring and risk mitigation
• Strong written and verbal communication skills