Principal, Information Security

We are Allvue Systems, the leading provider of software solutions for the Private Capital and Credit markets. Whether a client wants an end-to-end technology suite, or independently focused modules, Allvue helps eliminate the boundaries between systems, information, and people. We’re looking for ambitious, smart, and creative individuals to join our team and help our clients achieve their goals.   Working at Allvue Systems means working with pioneers in the fintech industry. Our efforts are powered by innovative thinking and a desire to build adaptable financial software solutions that help our clients achieve even more. With our common goals of growth and innovation, whether you’re collaborating on a cutting-edge project or connecting over shared interests at an office happy hour, the passion is contagious. We want all of our team members to be open, accessible, curious and always learning. As a team, we take initiative, own outcomes, and have passion for what we do. With these pillars at the center of what we do, we strive for continuous improvement, excellent partnership and exceptional results. Come be a part of the team that’s revolutionizing the alternative investment industry. Define your own future with Allvue Systems! 

The Information Security Principle is a senior role responsible for leading and implementing strategic security initiatives to protect an organization's data and systems from threats. This person is a member of the Allvue Information Security team who plays a role in protecting the company’s information technology assets and sensitive data. The principle will help drive continuous improvement to our information assurance posture using code to scale security solutions across the company. The principle is a global position responsible for overseeing various functions including but not limited to Incident Response, Risk Assessments, Application code and design reviews, client and audit inquiries, and management reporting.

• Overseeing and leading incident response activities to contain, eradicate, and recover from security breaches
• Assist and monitor first line of defense in applying information security tools in identifying, assessing, monitoring, and controlling technology risk, and provide guidance on necessary mitigation measures.
• Monitoring all operations, networks, and infrastructure for security issues and investigating incidents as needed.
• Ability to be “on-call” for rotating shift coverage in a follow the sun model.
• Assist to prepare regular management reports on technology risk status of the team and company.
• Assess the adequacy and effectiveness of the controls from a technology risk perspective during due diligence of new products/ service propositions and incident handling, provide advisory and recommendation on new technology solution of IT initiatives.
• Writing scripts / lite coding to detect, remediate, and enforce security standards in AWS and Azure
• Ability to review network and application logs to identify vulnerabilities and opportunities to harden our controls
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial actions.

• Contribute to strategic IT security projects & initiatives.

• Experience with public cloud technologies (AWS or Azure (VPCs, Security Groups, EC2, S3, etc.)
• Ability to conduct malware analysis
• Experience with open-source technologies and environments
• Hands-on experience with Windows and Networking fundamentals
• Experience with Crowdstrike, Rapid7, SIEM, Mimecast
• Experience with penetration testing and manual code reviews
• Must possess a strong service mindset.
• A critical thinker, one who can think outside the box.
• Ability to not only follow a playbook but think broader and just leverage a playbook as guidance.
• Familiarity with cyber tabletop exercises
• Managing our 3^rd party pen tester.
• A demonstrated ability to manage complex projects in an effective manner.
•  Experience conducting eDiscovery investigations

• Bachelor’s degree or higher from an accredited university with a degree in Computer Science, Information Security, or Engineering.  (Information technology/security experience or certifications can substitute for the degree requirements.)  
• GIAC certifications, OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), or comparable

• Excellent English written and verbal communication

• Health Coverage options along with other voluntary benefits 
• Enterprise Udemy membership with access to thousands of personal and professional development courses 
• 401K with Company match up to 4% or Employee Pension plan  
• Competitive pay and year-end bonus potential  
• Flexible PTO  
• Charitable Donation matching, along with Volunteer and Voting PTO  
• Numerous team building activities to promote collaboration in a fun and fast-paced work environment 

Allvue Systems provides equal employment opportunities (EEO) for all employees and applicants for employment. We recognize the real value of bringing people together from diverse backgrounds, experiences and perspectives - we don’t just accept difference, we celebrate and support it. We are committed to advancing these efforts through our strategies to hire, promote, create and support a diverse and inclusive environment throughout our workforce and workplace. It is our policy to prohibit discrimination and harassment of any type without regard to race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. In addition,  Allvue will provide reasonable accommodations for qualified individuals with disabilities.