Two Sigma is a different kind of investment manager. Since 2001, we have used data science and technology to derive insights that forecast the future and discover value in markets worldwide. Our team of scientists, technologists and academics looks beyond traditional finance to understand the bigger picture and develop creative solutions to some of the world’s most difficult economic problems. Our work spans markets and industries, from insurance and securities to private investments and new ventures.
Security Risk, Policy, and Consulting combines technical expertise, institutional knowledge, and a love of critical thinking and data-driven security to push the boundaries of what is possible in security. This team is working to drive Two Sigma toward a data-driven, real-time, collective understanding of the firm’s current and desired security risk posture. We maintain clear, engineer-friendly policies and guidelines which articulate the firm’s risk tolerance and make it easy for our peers to understand their responsibilities. We partner with engineering, business, and leadership to identify firm-wide security risks and coordinate efforts across Security to find practical solutions. Lastly, we support the governance structure to address Two Sigma’s most significant security challenges.
This role is critical to Security’s vision of being a service-oriented, customer-focused team by providing a highly responsive and transparent internal security consulting service. Two Sigma Security is composed of world-class security professionals who are well-suited to developing cutting edge technical solutions to difficult problems; similarly, our Engineering arm is filled with amazing engineers committed to rapidly developing technology that enables the business to push the boundaries of what is possible. We need someone who can help keep those areas aligned at a tactical level where project and business needs meet high-end security requirements, and to do so at a pace that matches Two Sigma's focus on rapid innovation.
You will take on the following responsibilities:
- Provide your expertise to develop creative solutions to challenging security problems with new projects. Assist with design, review architectural proposals, recommend controls based on your understanding of threat landscape, regulatory requirements, and principles of secure systems design.
- Plan engagements and coordinate efforts for projects that require expertise from multiple security teams
- Own the consulting process, set direction, bring recommendations to the Security Risk Manager.
- Collaborate with the rest of the team to make - and implement - improvements to the security risk management program.
You should possess the following qualifications:
This role will have broad exposure across Two Sigma businesses and technical stacks. To that end our ideal candidate would have expertise in the following, preferably in an engineering-heavy organization:
- Solid foundational knowledge across most technical security domains, deep expertise in at least two areas (e.g., IAM, crypto,secure systems design, security operations; risk management; policy; pentesting/red teams; secure SDLC).
- Broad technical background and practical expertise in at least one area (e.g., linux/unix engineering; distributed systems architecture; cloud infrastructure; networking and network security; software engineering).
- Process and workflow expertise: collecting health metrics; developing and monitoring SLAs; prioritizing and planning engagements.
- Practical, risk-oriented, evidence-based approach to security assessment (quantitative risk management experience a plus)
- Understanding of one or more common control frameworks, preferably within the financial services industry.
You will enjoy the following benefits:
- Core Benefits: Fully paid medical and dental insurance premiums for employees and dependents, 401k match, employer-paid life & disability insurance
- Perks: Onsite gyms with laundry service, wellness activities, casual dress, snacks, game rooms
- Learning: Tuition reimbursement, conference and training sponsorship
- Time Off: Generous vacation, sick days, and paid caregiver leaves
We are proud to be an equal opportunity workplace. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender identity/expression, age, status as a protected veteran, status as an individual with a disability, or any other applicable legally protected characteristics.