Manager, Information Security

WHO WE ARE
Apex Fintech Solutions (AFS) powers innovation and the future of digital wealth management by processing millions of transactions daily, to simplify, automate, and facilitate access to financial markets for all. Our robust suite of fintech solutions enables us to support clients such as Stash, Betterment, SoFi, and Webull, and more than 20 million of our clients' customers.
Collectively, AFS creates an environment in which companies with the biggest ideas in fintech are empowered to change the world. We are based in Dallas, TX and also have offices in Austin, New York, Chicago, Portland, and Belfast.
If you are seeking a fast-paced and entrepreneurial environment where you'll have the opportunity to make an immediate impact, and you have the guts to change everything, this is the place for you.
AFS has received a number of prestigious industry awards, including:

• 2021, 2020, 2019, and 2018 Best Wealth Management Company - presented by Fintech Breakthrough Awards
• 2021 Most Innovative Companies - presented by Fast Company
• 2021 Best API & Best Trading Technology - presented by Global Fintech Awards

ABOUT THIS ROLE
Apex Fintech Solutions is looking for an Manager, Information Security to join our team! In this role, you will lead the Information Security Governance, Risk and Compliance (GRC) program for our organization. The primary objective for this role is to establish best in class Security, Risk & Compliance programs and policies that safeguard firm infrastructure and applications and to lead and develop a team to manage ongoing risk and compliance work streams within the Information Security team.
What you'll do all day:

• Manage the GRC security program. You will have direct oversight of our security GRC program, helping to manage the development, implementation and enforcement of firm-wide policies, procedures, and best practices. Ensuring they are best-in class and reviewed and up to date on a regular basis.
• Guide business and operational infrastructure. You will work closely with business teams, leadership, our compliance team, and external entities (audit agencies, regulatory bodies) to ensure communication, cooperation, and compliance of information security practices and requirements.
• Vendor assessments. You will be involved in vendor risk assessments and communicate them to business partners.
• Focus on security practice and compliance. You'll provide actionable recommendations on new and existing security processes, technologies, and standards. This includes reporting and metrics toward the alignment of controls to risks and showing maturity models against it.
• Work in a fast-paced environment. You'll work tirelessly with your teammates to achieve timely deliverables and ensure security practices stay top of mind.

We're looking for someone who:

• Is self-directed. You're driven, motivated, and eager to succeed.
• Is a leader. You can lead multiple, high-visibility projects that require constant communication and collaboration with cross-functional teams and external parties.
• Has strong technical skills. You love technology and want to stay hands-on, always learning new security standards, tools, and approaches.
• Is adaptable. While you enjoy establishing processes and standards, you understand the need to be flexible and enjoy trying new things.
• Operates with integrity. You always conduct yourself with honesty and operate ethically. You say what you mean, and mean what you say.

A few reasons why you might love us:

• The team is great. You'll work cross-functionally with teams across the organizations that have a vested interest in maintaining strong security practices. You'll be managed by people who care about you, and invest in your success.
• Your success will be recognized and appreciated. You'll be able to see your direct impact on our growth. You won't be just another cog in the wheel.
• The work environment is amazing. Our office space is really cool, open, and sleek. We provide free beverages, snacks and have fun while working hard.

The skills you'll need to succeed:

• Bachelor's degree or equivalent work experience required
• 7+ years professional experience with at least 5 years involving information security, risk management, compliance, and privacy of non-public personal data.
• Deep knowledge and experience with information security and privacy risk assessments and audits of IT general security controls.
• Direct experience with managing SOC 1 & 2 activities, NIST CSF and other relevant security and privacy compliance / standards / frameworks
• Strong understanding and experience in enabling GRC solutions and common control framework for data regulations
• Must have a thorough understanding of control and risk management concepts.
• Must have strong leadership and excellent communication skills.
• Must be able to lead high-visibility projects that require collaboration with cross-functional stakeholders to develop and implement consensual decisions.
• Must be well organized, solution-oriented and have strong process management skills
• Experience with the phases of the software development lifecycle.
• CISA, CRISC, CISM, CISSP or CIPP certificate a plus.
• Experience in a highly regulated industry is a plus.

OUR REWARDS
We offer a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP), competitive PTO, 401k match, parental leave, and HSA contribution match. We also provide our employees with a paid subscription to the Calm app and offer generous external learning and tuition reimbursement benefits. At AFS, we offer a hybrid work schedule for most roles that allows employees to have the flexibility of working from home and one of our primary offices.
AFS is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, natural or protective hairstyle, genetics, disability, age, or any other basis forbidden under federal, state, or local law.