Senior Security Analyst

Who We Are

Addepar is a global data and AI platform empowering investment professionals to turn complex financial information into actionable intelligence. Addepar unifies portfolio, market and client data in a total portfolio view and delivers AI-powered insights within investment and client workflows. More than 1,400 firms in nearly 60 countries use Addepar to manage and advise on nearly $9 trillion in assets. Its open platform integrates with nearly 650 software, data and consulting partners to power end-to-end investment operations across firms of all sizes and complexity. Addepar supports clients worldwide with offices in New York City, Salt Lake City, London, Edinburgh, Pune, Dubai, Geneva and São Paulo.

The Role

We are currently seeking a Senior Information Security & Risk Analyst to join our Information Security & Risk team as part of the expanding team within our Edinburgh, UK location. The successful candidate will have the opportunity to help take Addepar’s Information Security and Governance programs to the next level.

The Information Security & Risk (‘ISR’) organization at Addepar is focused on establishing clear, simple and consistent control frameworks, and providing effective oversight of information security and technology activities. This organization plays a critical role in helping to balance risk-taking activities and decisions with opportunities to manage risk.

The successful candidate will be skilled in supporting high-impact governance, risk and compliance programs that align to the size and maturity of our business.

This is a hybrid role and will be 2 days per week in our Edinburgh office.

Applicants must have, and maintain, the right to work in the United Kingdom from the first day of employment. Please note that visa sponsorship is not available for this role.

What You’ll Do

Assist in the management of Addepar’s Client Due Diligence Program through the composition and maintenance of security collateral.

Drive a more optimized Information Security and Risk Program, aligned with industry standard frameworks such as the NIST Cybersecurity Framework.

Lead independent risk assessments of our environment focusing on our platform and its supporting third party and internally developed software, infrastructure, and tools.

Support build-out of an enterprise metrics program and risk reporting framework to communicate risk to senior management.

Partner with control owners, engineers and other teams to facilitate reviews of new products and services, to ensure risks are identified, communicated, and mitigated.

Support SOC2 reviews including project management, planning, and coordination across Addepar teams and external auditors.

Maintain Addepar Information Security & Risk policies and standards, aligning to business and Client needs.

Assist efforts on Data Governance and ensuring the right access controls are in place to support the program.

Drive improvements and execution of risk and governance awareness programs.

Work as part of a global operating team across multiple timezones.

Who You Are

Extensive experience managing, consulting, auditing, or working in the fields of Information security or Technology Risk required. AWS Cloud Security experience preferred.

Demonstrate strong analytical, communication, and problem solving skills.

Experience identifying and communicating key risks related to cloud implementations and architectures.

Ability to manage multiple high-visibility and high-impact projects while maintaining superior results.

Familiarity with control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, ISO) and SOC2 audit compliance.

Our Values

Act Like an Owner - Think and operate with intention, purpose and care. Own outcomes.

Build Together - Collaborate to unlock the best solutions. Deliver lasting value.

Champion Our Clients - Exceed client expectations. Our clients’ success is our success.

Drive Innovation - Be bold and unconstrained in problem solving. Transform the industry.

Embrace Learning - Engage our community to broaden our perspective. Bring a growth mindset.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

PHISHING SCAM WARNING: Addepar is among several companies recently made aware of a phishing scam involving con artists posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote “interviews,” and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from Addepar without a formal interview process. Additionally, Addepar will not ask you to purchase equipment or supplies as part of your onboarding process. If you have any questions, please reach out to ta-operations@addepar.com.