Senior Information Security Risk Analyst

  • Competitive
  • Marlborough, MA, USA
  • Permanent, Full time
  • Wellington Management Company, LLP
  • 20 Oct 17 2017-10-20

Senior Information Security Risk Analyst


Wellington Management offers comprehensive investment management capabilities that span nearly all segments of the global capital markets. Our investment solutions, tailored to the unique return and risk objectives of institutional clients in more than 50 countries, draw on a robust body of proprietary research and a collaborative culture that encourages independent thought and healthy debate. As a private partnership, we believe our ownership structure fosters a long-term view that aligns our perspectives with those of our clients.


The individual in this role will be a key member of our Information Security Risk and Controls team, with initial primary responsibilities of working directly with the business, technology leads, and service providers performing detailed technical information security assessments highlighting risks and providing recommendations and designs for greater risk resiliency.  Additionally, the individual will be, supporting risk assessment and controls design of internal solutions and architectures including highly "cloud first" development and continuous integration models.  This individual will also enjoy the opportunity to work on developing new security models for public cloud, IaaS, and SaaS solutions, and will work closely with our Cyber Defense and Security Operations teams in a very hands-on and collaborative environment in the financial management industry.  The successful individual hired into this role will enjoy opportunities to explore and evaluate additional Information Security, cloud computing, and control technologies.

Keys to this position

1.10 plus years in Information Security or related roles such as Systems Architecture, Network Architecture, Systems Administration, etc., including 5 plus years of experience in an Information Security Risk role.   Experience performing risk assessments as well as working with internal teams to advise on risk is highly desired. 

2.A solid foundation of technical knowledge is required to be successful in this role, including but not limited to technical depth in areas such as:  Public Cloud Security Models, Data Encryption, Access Control, Security Architecture, Identity Federation Models, and Vulnerability Management. 

3.Excellent written and verbal communication skills are required as this individual will interface with business users, outside vendors and IT teams. 

4.The role is based in Marlborough but there is periodic (weekly) travel to Boston offices.

Minimum Requirements:


•10+ years' experience in Information Security or related roles with hands-on experience with a variety of technologies and architectures sufficient to provide the background necessary to work closely and "go deep" with technical resources as well as internal development and infrastructure teams.

•Experience helping to design, grow, and work within a formal qualitative Information Security risk management program.

•Experience in designing, deploying, or assessing information security technology, processes, and controls.

•Significant breadth of technical experience and critical analysis skills sufficient to perform detailed risk analysis on a variety of technologies and use cases.  The successful candidate will have the technical depth and analysis capabilities necessary to be proficient when examining controls and identifying risk in areas such as could infrastructure, data encryption, access control, security architecture, information security policy and standards, and vulnerability management.

•Excellent verbal and written communication skills and presentation skills are a must.

•Bachelor's degree in Computer Science or related discipline.

•CISSP is preferred.

Applicant must meet MOST of these requirements.

•Experience with Vendor Management Programs, performing risk assessments of third party service providers/vendors based on SIG, review of SSAE16 or similar.


Specific responsibilities include:

•Function as the primary Information Security Risk representative on the Vendor Risk & Oversight team, performing both vendor and internal risk assessments and working with business units to improve current controls and continue to mature the assessment process and deliverables.

•Lead efforts to improve upon and formalize the existing Information Security Risk Assessment and Exception process, delivering a standard, well-documented and referenceable process.

•Assess emerging technologies for security controls and applicability into our existing portfolio.

•Work with internal application, infrastructure, and architecture teams to assess the information security risk of existing technology, infrastructure and processes as well as proposed projects.

•Assist with information security risk aspects of internal audits.

Senior Information Security Risk Analyst

Systems Analysis


As an equal opportunity employer, Wellington Management considers all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, gender expression, religion, creed, national origin, age, ancestry, disability (physical or mental), medical condition, citizenship, marital status, pregnancy, veteran or military status, genetic information or any other characteristic protected by applicable law. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at .