Tech Risk Advisory Associate - GreenSky (Atlanta / Remote)
Job Description
Headquartered in Atlanta, GreenSky is among the top 3 most valuable U.S. financial technology companies established since 2000, and our $1.0 billion Initial Public Offering marked the largest U.S. Technology IPO of 2018. Our mission is simple. We power commerce. Our highly scalable, proprietary technology platform enables over 12,000 merchants to offer frictionless promotional payment options to consumers at the point-of-sale, driving increased sales volume and accelerated cash flow. Our bank partners leverage GreenSky's technology to provide loans to super-prime and prime consumers nationwide. Since our inception, over 1.7 million consumers have financed over $12 billion of commerce using our paperless, real time "apply and buy" technology. For more information, please visit https://www.greensky.com.
Looking for great talent to help us continue our rapid growth!
Position: Application Tech Risk Advisor
Overview:
GreenSky is looking for an Application Technology Risk Advisor to join our Corporate Security Organization. Technology Risk secures GreenSky against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the enterprise, helping develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control.
Duties & Responsibilities:
- Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
- Focus on in house infrastructure/network projects, external cloud engagements, applications and adoption.
- Provide internal risk advisory and consulting services to application and infrastructure developers.
- Perform infrastructure as code reviews.
- Develop policy as code, templates and modules to implement and enforce secure patterns and guidance.
- Review pen-test results, with the ability to find gaps and risks in designs.
- Conduct research and POCs to drive improvements to designs, tooling, potential AI.
- Ensure compliance with corporate security policies and practices for all new applications, SaaS tools, and technology enhancements.
- Incorporate review of DR and BCP planning for all applications and systems new to the enterprise.
- Monitor log files, dashboards and other appropriate data sources to provide periodic management reporting and input to the life-cycle improvement process.
- Review and approve any PII being sent externally for appropriate file transfer, business reasons, and vendor risk evaluation.
- Develops and maintains security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
- Reviews to ensure technology is meeting baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM).
- Validates IT infrastructure and other reference architectures for security best practices, and recommends changes to enhance security and reduce risk where applicable.
- This role must demonstrate exemplary judgement in gauging the risk of gaps, formulating both short and long-term business and security goals as well as being organized.
- Responsible for developing, communicating and enforcing application security standards at both the application and code layer as well as coordinating penetration testing and ownership of various code vulnerability scanning tools.
- Ability to walk a developer through a vulnerability finding
Required Skills & Qualifications:
- Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
- Minimum of 5 years' experience in information technology and system administration
- Full-stack knowledge of IT infrastructure:
  - Applications
  - Databases
  - Operating systems (Windows, Linux)
  - IP networks (WAN, LAN)
  - Cloud infrastructure (Azure/AWS)
  - Vulnerability Management (Prisma/Rapid 7)
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
- Ability to read and find vulnerabilities in security scans
- Build Security Requirements
- Exceptional verbal and written communication skills
- CISSP, CCNA, GIAC, GCIA, GCIH, GSEC, Security+ or similar certification desirable
- Operating systems and networking certifications desirable
- Knowledge of industry standards including ISO 27001, NIST, HIPAA, PCI-DSS, etc.
- Results oriented, willing to accept challenges dynamically and prioritize accordingly to business needs.
GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.
Date Posted: 08/04/2023