ABOUT BESTOW
Bestow is a leader in the modern life insurance space. As both a direct-to-consumer destination and a leading enterprise SaaS provider, Bestow is on a mission to increase financial stability for everyone. We’re a series-C start-up with a remote/hybrid workforce offering work-life balance and equity to all employees.
ABOUT THE ROLE
As a Security Architect, you will be critical in designing, implementing, and continuously testing security solutions to protect our company's information systems and assets. You will collaborate with various teams to develop and maintain a comprehensive security architecture framework that aligns with our business objectives and regulatory requirements. You will support our company-wide information security governance program. You will assist with ongoing compliance efforts by maintaining the control assurance program and partnering with business leaders to periodically assess, test and collect audit artifacts for review by the Chief Security Officer. You will also contribute to the Incident Response program by reviewing, preparing, and maintaining documentation, preparing, conducting, or participating in training exercises, and leading incident response efforts and subsequent after-action reporting.
ABOUT THE TEAM
Bestow's legal, compliance, and security team aims to maintain strict compliance within the highly regulated insurance industry and to make doing so part of the culture of Bestow’s workforce. The team regularly facilitates training, evaluations, and audits of the company processes to support product, insurance, marketing, and other teams operating efficiently and within the law. From contract negotiations to regulatory filings and risk mitigation, we aim to maintain Bestow’s reputation as one of professionalism and integrity.
THIS ROLE REPORTS TO
- Director, Security Governance
MORE ABOUT THE ROLE
- In collaboration, develop and maintain the Security Architecture roadmap that preserves a strong security posture and aligns with corporate objectives.
- Evaluate emerging security technologies, trends, and threats to ensure the company is best positioned to defend its landscape.
- Provide technical guidance to internal teams on security best practices, including secure coding, encryption, authentication, and access controls.
- Continuously assess current security systems, processes, and infrastructure to identify vulnerabilities and develop remediation plans. This includes conducting risk assessments and penetration testing to identify weaknesses and recommend corrective actions.
- Advise technical IT and Engineering teams on remediation steps for vulnerabilities identified with scans or penetration tests.
- Lead and collaborate with IT, Engineering, Legal, Finance, Insurance Operations, External Examiners, and other business areas as necessary during compliance exams.
- Maintain an assurance program to confirm compliance with internal controls or determine gaps. Interview stakeholders, gather data and create reports, and analyze the state of security and IT controls against best practices.
- Prepare metrics and reporting for review by the CSO and bring recommendations for remediation efforts that satisfy security best practices and audit scrutiny.
- Review and contribute to effective and efficient information security process documentation that supports and drives compliance to Bestow Information Security Policies, Standards, and applicable regulatory requirements. Research, understand, and interpret state regulations related to Cybersecurity and Privacy in the Insurance Industry.
- Contribute to response efforts for external requests, including questions about all aspects of the security program and its governance, providing answers at a highly detailed technical level. Assist with other assigned duties related to the security governance program.
YOUR EXPERIENCE
- 11+ years of Information Security and/or Architecture Experience
- Must have CISSP or CISM
- Must have at least one additional certification, such as PenTest+, CySA+, CEH
- Bachelor's degree or relevant work experience
- Extensive knowledge in all areas of Information Security and Privacy including Asset Management, Data Protection, Vulnerability Management, Access Controls, Network Security, and Disaster Recovery.
TOTAL REWARDS
- Competitive salary and equity based on role
- Flexible PTO plan
- 100% paid premiums for medical, dental, and vision insurance
- Paid parental leave
- Annual lifestyle spending account to support your physical, emotional, and financial wellbeing
- Flexible work-from-home policy and open to remote
We are proud to prioritize the employee experience at Bestow and to see that awarded by our team members and the industry:
- Great Place to Work Certified 2023
- Built in Best Places to Work 2023
- Forbes Best Startup Employers 2022
- Best Place for Working Parents 2022
We value diversity at Bestow. The company will hire, recruit, and promote without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, pregnancy or maternity, veteran status or any other status protected by applicable law. We understand the importance of creating a safe and comfortable work environment and encourage individualism and authenticity in every member of our team.