ABOUT US

At NextCapital, we build financial software that helps everyday investors build and manage a world-class financial portfolio. Our work directly benefits the millions of Americans who can’t afford traditional financial advice, by providing them a solution driven by software. Working with the world’s leading financial institutions, our software tackles the complex challenges of providing financial advice through an intuitive and engaging user experience.

*At this time, NextCapital does NOT offer future employemnt sponsorship for this position*

JOIN OUR TEAM

Our people are core to who we are. We’re looking for someone who is passionate about managing and continuously improving NextCapital’s cybersecurity program. The ideal candidate is able to understand emerging technical concepts and has a great understanding of critical information security domains. This role is looking for a key leader to partner with Technology, Risk, Legal and Compliance teams as they develop secure solutions helping to meet partner and regulatory requirements. Learn more about NextCapital at www.themuse.com/companies/nextcapital

WHAT YOU’LL DO

• Contribute to the privacy, security and compliance strategy and planning process
• Help define and manage the company's information security policies
• Facilitate risk assessments, maturity assessments, and the evaluation of controls against policies, standards and processes
• Manage and deliver information security and compliance projects with positive outcomes
• Compile weekly, monthly, quarterly and annual reporting including metrics covering the current control set
• Manage critical aspects of the information security and compliance remediation process, especially as it relates to SOC 2 compliance
• Contribute to partners’ security questionnaire and assessment process
• Help manage the vendor risk management program by performing security assessments of third-party service providers for both prospective and existing providers
• Manage our security awareness training program, including Phish testing
• Oversee the Vulnerability & Patch Management programs to ensure patching is performed within the company’s risk tolerance, as well as established SLAs
• Assist with our threats modeling and associated table top exercises

Requirements

WHO WE’RE LOOKING FOR

• Bachelor’s degree or equivalent experience; minimum 4 years of experience in information security and related compliance programs
• Program/project management experience and knowledge of best practices
• Experience in responding to client security assessments and questionnaires
• Experienced in risk management techniques such as control assessments, gap analysis, external or internal audit, risk management concepts and risk assessment methodologies
• Experience reviewing legal documents or familiarity with legislation related to privacy and security
• Prior experience with managing compliance programs such as SOC 2 or ISO 27000 series
• A minimum of 4 years experience with security-related regulatory compliance for financial services, such as FINRA, SEC rules, and other regulations
• Cross-business group collaboration experience
• CISA, CISM, CISSP, ITIL v3 or similar, a plus

Benefits

WHY YOU’LL LOVE IT

• Disrupt the financial advice industry by bringing affordable, easy to use financial tools to millions of people
• Have a direct impact on the growth and scale of the company
• Enjoy a laid back work environment & learn from FinTech’s best & brightest
• Receive great benefits like stock options, 401(k) match, and top notch health benefits
• As the COVID-19 pandemic cools down, participate in company-sponsored cornhole leagues, Thursday After Hours (cards, video games, treats), company outings, wine tastings, fantasy sports leagues, hackathons and other fun events
• Relax with monthly, company wide, guided meditation sessions
• Participate in women in tech events and service days at local organizations
• Enjoy “Summer Hours” whereby our firm is ‘closed’ every Friday afternoon from April 23, 2021 through Labor Day

• Enjoy the flexibility of working fully remote, partially remote, fully physical, or a mashup of each. And whatever you choose, enjoy a newly built-out office on Michigan Avenue with a view of Millennium Park and Lake Michigan
• And, yes, in our physical space, you can sip locally roasted coffee, kombucha, or craft beer at your modular sitting/standing desk