About us:

Aspiration is a financial firm with a conscience that is built for everyone, committed to giving, and founded on trust. We bring new and exciting sustainable investment choices to everyday investors, put unprecedented trust into the hands of our customers, and honor our pledge to give back by donating 10% of our yearly revenue to charity. The commitment to “Do Well. Do Good” is at the heart of our company and our approach.

About the role:

Aspiration is hiring an experienced information security professional to join our talented team. In this role, you will be responsible for ensuring our platform, systems, users, and ultimately our customers’ information is protected.  

What you’ll do:

• Conduct risk assessments against systems and processes to ensure appropriate controls are in place and recommend/implement controls to remediate risk findings.

• Review AWS security and configuration management. Work with DevOps to fix security issues.

• Document information security policies, procedures, and tests.

• Conduct regular vulnerability assessments and lead projects for penetration tests.

• Identify regulatory and legal requirements that may affect data and application security policy, standards, and procedures. Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud scams, and best practices and tools available for system/network protection.

• Train users and promote security awareness to ensure system security.

What you'll bring:

• 4+ years Information Security experience in analysis, engineering, or architecture
• B.S. in Computer Science, Information Security, or related technology field
• Experience with a "cloud first" architecture, hybrid, or on-premise

• Experience working in a Mac OS environment. Basic UNIX/Linux experience.

• Experience with modern security tools for: log management, SIEM, SSO, IDM, IAM, NGAV, MDM, DLP, CASB, etc.

• Knowledge and understanding of security vulnerabilities and hacking techniques

• Knowledge and understanding of DevOps security

• Knowledge of regulatory and legal requirements (GLBA, California SB 1386, AB 375, etc.)

• Knowledge of cyber security banking, investment advisor, and broker-dealer compliance requirements (FFIEC, OCC, FINRA, SEC)

• Knowledge of PCI requirements.

• Knowledge of standards including: SSAE 18, ISO 27000, NIST, CIS, etc.

• Knowledge and understanding of the following technologies and concepts:

  • Networking protocols

  • Encryption (one-way, two-way, PKI)

  • Email SPF, DKIM and DMARC

• Coding experience and release management a huge plus.

• Previous fintech, banking, credit union, investment firm, or mortgage industry experience is a BIG plus!

• Relevant security, privacy, or auditing certifications such as: CISSP, CCSP, CISA, CRISC, CIPP, CIPT, PCI ISA, or QSA a big plus but not required