Cyber Risk Auditor
New York, New York, United States
Two Sigma is a different kind of investment manager. Since 2001, we have used data science and technology to derive insights that forecast the future and discover value in markets worldwide. Our team of scientists, technologists and academics looks beyond traditional finance to understand the bigger picture and develop creative solutions to some of the world’s most difficult economic problems. Our work spans markets and industries, from insurance and securities to private investments and new ventures.
The Two Sigma Cyber team is focused on pushing the boundaries of what is possible when we reevaluate traditional assumptions and embrace modern technology. Whether we are unlocking the potential of quantitative analysis, pushing the limits of zero trust, driving cloud infrastructure to new heights, or developing our own solutions to common authentication and authorization challenges, we embody a culture of proactive and transparent innovation.
The Cyber Risk Auditor will report to the Cyber Risk Program Lead and will partner directly with the manager for Security Infrastructure & Operations, manager for Security Architecture, manager for Cloud Security, the Two Sigma Compliance team, and Engineering Group Leads. This role will be responsible for articulating the current risk posture of Two Sigma and to guide investment/innovation to improve the risk posture of the firm. Successful execution of this role should eventually result in a real-time understanding of risk, threat analysis, and countermeasure effectiveness with strong signal fidelity. Outputs of the program should inform engineering and budget priorities across the firm. This role will have the ability to influence the security state of Two Sigma, engineering priorities across the firm, and investor confidence in the firm.
You will take on the following responsibilities:
Conduct internal audits of the cyber risk posture of Two Sigma systems;
Engage with external auditors;
Prioritize and drive remediation of identified risks;
Drive improvements to security capabilities;
Partner on automation of risk signal; and
Partner on modeling and quantitative analysis of risk based on automated signals.
You should possess the following qualifications:
Three years of experience working in some combination of cyber security auditing (internal or external), and/or cyber security consulting.
You will enjoy the following benefits:
Core Benefits: Fully paid medical and dental insurance premiums for employees and dependents, 401k match, employer-paid life & disability insurance
Perks: Onsite gyms with laundry service, wellness activities, casual dress, snacks, game rooms
Learning: Tuition reimbursement, conference and training sponsorship
Time Off: Generous vacation, sick days, and paid caregiver leaves
We are proud to be an equal opportunity workplace. We do not discriminate based upon race, religion, color, national origin, sex, sexual orientation, gender identity/expression, age, status as a protected veteran, status as an individual with a disability, or any other applicable legally protected characteristics.