Security and Compliance Lead

All - San Mateo, CA | Boulder, CO | New York Metro / Engineering / Full Time
About Us

Jupiter is the global market leader in analytics for resilience planning and enterprise climate risk management, especially in financial services, industrial, the public sector, and NGOs.
 
Jupiter is led by pioneers in data, climate, and earth and ocean sciences, as well as technology, risk management, company building, and public policy. Our climate risk modeling solutions save lives and mitigate potentially catastrophic impacts inflicted by hurricanes, floods, heat waves, wildfires, drought, and other extreme weather events on homes, businesses, infrastructure, food and water supplies, and entire economies.
 
We seek new colleagues—data scientists, physical scientists, software engineers, company builders, and more—who share our passion for excellence, innovation, and collaboration. Jupiter was founded on the principle that with the right approaches and the right team, we can prepare Earth’s economies to meet the challenges associated with climate change. We value working in an inclusive and equitable environment, with team diversity that reflects the world we live in.  

Engineering at Jupiter

The Engineering team includes Data Insights, Data APIs, Application Development, Platform and Services Development, and Cloud Operations and Security, and is responsible for building innovative products and infrastructure for our ClimateScore™ Platform. Jupiter's Engineering team consists of world-class engineers with deep background and expertise in building peta-scale systems that empower Machine Learning, Data Science, Advanced Data Insights & Analytics, and a Platform for rapid Application development for our flagship products, ClimateScore Planning and ClimateScore Global.

Responsibilities

Jupiter is in the process of aligning the organization to the requirements for SOC1, SOC2, and PCI, and of obtaining certifications for ISO 27001 in 2021 and HiTrust in 2022. The role requires a wide range of cross-functional activities, from certification audits to vendor risk assessments, access controls, policy management, security and compliance education, and more.
Getting to compliance will require implementing controls, approval processes, gap identification, evidence collection, recommendations and roadmapping of a remediation plan, cross-functional buy-in for remediation, establishing access and control, tracking access and control, monitoring and logging, etc. We are seeking a Security Compliance and IT Governance expert who will help us scale these components of Jupiter's ClimateScore Platform. We are looking for a leader who will go above and beyond the industry standard in every aspect of IT governance, but also manage the deliverables with a pragmatic (startup) approach, and:

-Create internal standards that map to requirements across relevant frameworks like ISO 27001 and ISO 27002, etc.
-Create effective internal controls and collect evidentiary data
-Identify current gaps and build a plan to address them, working with the stakeholders (internal and external)
-Create and execute on remediation roadmaps, obtain cross-functional buy-in and monitor the continuous maintenance and evidence collection of effective controls
-Build or facilitate automation for repeatable and re-deployable controls across regions in AWS
-Build strong and demonstrable IT governance procedures that align with Jupiter's roadmap for 2021 and 2022
-Help build secure code, data flows, ETLs and cloud operations across the company by identifying risk areas and providing a remediation plan that accommodates security and IT governance best practices
-Work closely with Program and Project Management to incorporate Security & Compliance requirements for all development streams
-Author internal policies and procedures around security, data governance, and risk
-Help build cross-functional KPIs to identify opportunities for improvement and automate collection of security and compliance information
-Hands-on with security and controls procedures

Requirements

-Deep understanding of compliance standards such as SOC1, SOC 2, PCI, NIST, ARPA, ISO 27001, GDPR and HiTrust
-Experience with platforms built on public and private clouds, preferably AWS
-Proven track record of building and scaling successful compliance, security and risk assessment programs and methodologies, working with internal and external partners
-Ability to clearly articulate complex concepts of security and compliance
-Strong written and verbal communication skills
-Ability to provide consolidated plans by putting different services and processes together
-Experience working in the financial services and/or insurance sector

Bonus points

-Experience working at an auditing firm
-Experience working with external vendors to implement ISO standards
-Experience with Azure

Must be authorized to work in the U.S.

Please submit your Cover Letter and Resume to us to see if there might be a great fit.