APEX CLEARING is looking for an Information Security Director to join our team! In this role, you will lead projects to identify risks in APEX CLEARING infrastructure, applications, and processes, and make the appropriate recommendations for mitigating those risks. The primary objective for this role is to safeguard information against accidental or unauthorized access, modification, destruction, or disclosure, as well as to protect Firm networks from unauthorized access and compromise.
What you’ll do all day:
- Manage the information security program. You will have direct oversight of our security program, helping to manage the development, implementation and enforcement of firm-wide policies, procedures, and best practices.
- Guide business and operational infrastructure. You will work closely with various teams, leadership, and external entities (audit agencies, regulatory bodies) to ensure communication, cooperation, and compliance of information security practices and requirements.
- Focus on security operations. You’ll provide actionable recommendations on new and existing security technologies, appropriate security architectures, and standards.
- Collaborate. The floor is always open for great ideas. We love to collaborate, share ideas and get different perspectives. You’ll work with smart people who value smart ideas and strong opinions.
- Work in a fast-paced environment. You’ll work tirelessly with your teammates to achieve timely deliverables and ensure security practices stay top of mind.
We’re looking for someone who:
- Is self-directed. You’re driven, motivated, and eager to succeed.
- Is a leader. You can lead multiple, high-visibility projects that require constant communication and collaboration with cross-functional teams and external parties.
- Has strong technical skills. You love technology and want to stay hands-on, always learning new security standards, tools, and approaches.
- Is adaptable. While you enjoy establishing process and standards, you understand the need to be flexible and enjoy trying new things.
- Operates with integrity. You always conduct yourself with honesty and operate ethically. You say what you mean, and mean what you say.
A few reasons why you might love us:
- The team is great. You’ll work cross-functionally with teams across the organization that have a vested interest in maintaining strong security practices. You’ll be managed by people who care about you and invest in your success.
- Your success will be recognized and appreciated. You’ll be able to see your direct impact on our growth. You won’t be just another cog in the wheel.
- The work environment is amazing. Our office space is really cool, open, and sleek. We provide free beverages and snacks, and we have fun while working hard.
And a few reasons why you may not love us:
- You don’t like change. This is not a job for someone who likes ‘predictable’. Our new business initiative demands flexible thinking and working in a fast-paced and adaptable environment.
- You’re not the collaborative type. We’re solving pretty heady challenges. We bring ideas to the table and we work together to solve these challenges. If you’re looking to hide out and do your own thing, this might not be the right spot.
The skills you’ll need to succeed:
- 10+ years professional experience with at least 5 years involving security, risk management, compliance, and privacy of non-public personal data.
- Experience with IT security and privacy risk assessments and audits of IT general security controls.
- Working knowledge of infrastructure security concepts including firewalls, DMZs, intrusion detection/prevention systems, network security, application security concepts, password management, RBAC, and access provisioning.
- Familiarity with SIEM, EDR, CASB, IDS/IPS, WAF, and other security technologies required.
- Must have a thorough understanding of control and risk management concepts.
- Must have strong leadership and excellent communication skills.
- Must be able to lead high-visibility projects that require collaboration with cross-functional stakeholders to develop and implement consensus decisions.
- Must be well organized and solution-oriented, and have strong process management skills.
- Experience with the phases of the software development lifecycle.
- Experience with General Risk and Controls frameworks.
- Experience with common vulnerability scanning and penetration testing tools.
- B.S. or B.A. or equivalent work experience required.
- CISA, CISM, CISSP or CIPP certificate a plus.
- Experience in a highly regulated industry a plus.