Sr. Manager, Information Security & Risk (Pune)

As the Sr. Manager, Information Security & Risk at Addepar, you will manage the local Pune Information Security team with a keen focus on Identity & Access Management (IAM). Your responsibilities will include executing the IAM strategy in collaboration with ISR leadership, overseeing the implementation of access and identity technology improvements, and mentoring team members to promote career growth. You will also be instrumental in enhancing employee experiences through improved access controls and driving automation initiatives within IAM.

To qualify for the Sr. Manager, Information Security & Risk role at Addepar, candidates should possess a minimum of 10 years of progressive experience in information security, including time spent working closely with IAM teams. Additionally, a minimum of 4 years in a managerial role is required. You should also have in-depth knowledge and technical experience with leading IGA/IDM tools, authentication and authorization protocols, and familiarity with platforms like Okta and AWS.

Success in the Sr. Manager, Information Security & Risk role at Addepar will depend on your ability to effectively communicate technical requirements to diverse teams and stakeholders. You'll also need strong analytical skills for collecting data and driving data-driven decision-making. A self-starter mindset, proactive problem-solving abilities, and a constant desire to learn about the ever-evolving cybersecurity landscape are essential. Previous experience with Incident Response and Security Operations can be advantageous.

The Sr. Manager, Information Security & Risk position at Addepar is vital in shaping the organization's identity and access management strategy. By driving efficiencies and improvements within IAM, you will enable the secure management of access to Addepar's systems and data. Your role directly contributes to the company's commitment to user trust and satisfaction, supporting the broader mission of empowering investment professionals around the globe.

The work environment for the Sr. Manager, Information Security & Risk role at Addepar is a hybrid model, required to work from our Pune office for three days a week. Addepar embraces a flexible workforce, fostering a culture that values collaboration and innovation. You will be part of a dynamic team that seeks to create lasting value for clients while prioritizing security and integrity in all operations.

When answering this question, focus on your direct experiences with IAM tools and processes. Discuss any specific projects you have worked on, your role in managing IAM solutions, and how you implemented security protocols effectively. Emphasize your ability to work with cross-functional teams in driving IAM strategies and improvements.

Highlight your commitment to continuous learning and professional development. Discuss specific resources, courses, or conferences you attend to stay informed about emerging threats and technologies. Mention any professional networks or communities you are a part of that help you exchange knowledge and insights with peers in the information security field.

Use the STAR method (Situation, Task, Action, Result) to provide a structured response. Describe the context of the challenge, what your responsibilities were, the specific actions you took to address the challenge, and the successful outcome that resulted. This will demonstrate your problem-solving abilities and your approach to crisis management in a security role.

Be prepared to discuss your specific experiences with IAM tools such as Okta, Azure AD, or similar IGA/IDM solutions. Explain how you've used these tools for role-based access controls, onboarding processes, or identity governance, associating your knowledge with real-world examples to showcase your technical proficiency.

Articulate your management style and how you prioritize team development. Talk about your experience in mentoring team members, providing them with opportunities to learn and grow through guidance and constructive feedback. Include examples of how you've helped your team build their skills and confidence.

Do thorough research about Addepar’s information security policies and how they align with the company's overall mission. Discuss their hybrid work model and how that affects security practices. Show enthusiasm for their commitment to user trust and security innovation, emphasizing how you resonate with these values.

Provide a clear outline of the zero-trust concept, emphasizing the principle of 'never trust, always verify.' Discuss key components such as strict identity verification, least-privilege access, and continuous monitoring of users and devices. You might share any experiences you've had in implementing or advocating for a zero-trust model in your previous roles.

Detail your understanding of relevant compliance standards like GDPR, ISO 27001, or NIST. Talk about your experience managing compliance initiatives, conducting audits, or aligning security practices with regulatory requirements. This demonstrates not only your knowledge but your commitment to maintaining high security standards.

Outline your approach to regular access reviews, explaining the importance of periodic audits in maintaining security. Discuss the methodologies you employ to identify, assess, and rectify inappropriate access levels, demonstrating your thoroughness and attention to detail in protecting sensitive information.

Emphasize your capability to translate complex technical information into understandable concepts for non-technical stakeholders. Discuss experiences where you've had to present technical requirements or findings to various teams, showcasing your interpersonal skills and ability to foster collaboration throughout the organization.