Security Engineer, Technology Risk

Job Description

About the company

Robinhood is democratizing finance for all. With customers at the heart of our decisions, Robinhood is lowering barriers, removing fees, and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.

Robinhood is a fast-growing company and was recognized as a CNBC Disruptor 50 and a LinkedIn Top Startup in 2019. We’re continuing to grow and are looking for incredible talent that can help us achieve our mission.

About the role

Robinhood is looking for a seasoned infrastructure or infrastructure security engineer to lead infrastructure risk management, at the interface of the Governance, Risk and Compliance (GRC), Engineering, and Security functions. The ideal candidate will thrive on working cross-functionally, building trust and great working relationships. You will work on projects across several teams and partner opportunistically with senior engineers across the company. Your primary function will be to help us assess infrastructure related risk and work with the business to develop mitigation plans to help Robinhood scale and manage the controls expected in a large and well established company. You will play a leadership role in a key task force of GRC technologists that monitor and guide the company in its use of technology as an enabler of growth.

One of the key responsibilities for GRC is to discover, track, and drive risk remediation. The Infrastructure Risk Engineer will be responsible for overseeing this effort for all infrastructure related risk in the firm. You will work together with your colleagues in Technology Risk & Compliance (TRC) to create templates for regular engineering-wide risk discovery efforts, work with engineering leaders to assess the risks, and develop mitigation strategies.

You will also provide design and implementation support for key infrastructure such as the technologies that support customer and employee identity, authentication, authorization, and auditing. You will also be responsible for operating and supporting the third-party products that are unique to GRC. As one of the most senior engineers at Robinhood, you will play an active role in the community around engineering at Robinhood and be involved in consultations and design reviews of products across the company. If you are interested in a role where you get to guide and advise while still keeping your hands on a keyboard part of the time, this is a great opportunity for you!

Your day-to-day will involve:

• Implementation and management of the technologies that drive the GRC function, including at least a partial role in our fraud and anti-money laundering backend services.
• Conduct infrastructure risk assessments for both in-house and vendor-provided systems.
• Collaborate on mitigation strategies for infrastructure risks
• Collaborate with other senior engineers on technical guidance on how to manage our cloud-based infrastructure at scale
• Establish working groups across InfoSec, GRC, and Engineering to identify and drive infrastructure improvements.
• Join forces with other senior engineers to identify and drive high-impact initiatives.
• Identity potential problems and metrics to measure their impact and surface them to senior executives.
• Provide technical guidance during audits and regulatory compliance efforts

Some things we consider critical for this role:

• 10+ years of experience in technical job roles of which at least five is program and project management
• Experience writing clear concise technical documentation
• Experience building complex cross-functional programs
• Experience in one or more security disciplines, such as those in the Common Body of Knowledge
• University degree or equivalent experience in Computer Science, Engineering, Information Systems, Finance, or related fields
• Familiarity with GDPR, CCPA, and similar regulatory requirements

Bonus points:

• 5+ years of experience in a security and/or risk management organization
• Experience in a highly regulated environment and/or public companies
• Experience managing off-the-shelf GRC tools
• CISSP, CISM, ISSMP, or similar certification

Feeling ready to give 100% to democratizing finance for all? We’d love to have you apply, even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we’re looking for people invigorated by our mission, not just those who simply check off all the boxes.