Consultant - Information Security

Description

Job Location

The primary work location for this role is Trivandrum, India with a hybrid/ remote work model.

About Envestnet

Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs.

For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.

The Team You’ll Join

You will join Envestnet’s Technology team, where we design, build, and maintain scalable, secure, and robust WealthTech solutions that power the future of financial advice. The team collaborates closely with product, operations, and business stakeholders to drive innovation, enhance efficiency, and enable sustainable growth. Guided by modern engineering practices and a commitment to domain excellence, technical rigor, and collaboration, the Technology team ensures our platforms remain resilient, adaptable, and aligned with evolving business needs making it a core driver of Envestnet’s long term success.

How You’ll Contribute

We are seeking an accomplished Information Security professional with extensive experience in cybersecurity best practices, enterprise security architecture, data protection, first-line information security risk management, and conducting security assessments. The Manager – Information Security will be instrumental in developing, evaluating, and ensuring alignment with cybersecurity controls and policies, maintaining compliance with standards, and embedding security into the organization’s products, services, and technology infrastructure. This position demands a subject matter expert capable of bridging the gap between security policy, risk, and technical implementation. A solid understanding of the latest security frameworks and technologies, including Cloud and AI, is essential to effectively inform and support risk-based decision-making.

Cybersecurity Policy & Governance

• Working knowledge of frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, NIST AI Risk Frameworks. The candidate will have an evolved understanding of the regulatory landscape for Information Security and Data Protection for the financial sector.
• Convert identified security risks into policy requirements while ensuring alignment with business objectives.
• Work with security, engineering, architecture, and operational teams to confirm that policies are technically feasible and provide guidance on implementing and enforcing controls.
• Drive enhancement of the security program, including developing and maintaining policies, standards, guidelines, procedures, and updating to ensure alignment with relevant industry frameworks.
• Review, assess, mature and manage security policy, processes and procedures and their implementation; Develop and enhance an up-to-date information security program based on the NIST and other applicable industry standard frameworks.
• Enhance, and/or establish the model and process for the managing the development and ongoing maintenance of security policies and standards; manage an effective exception process to facilitate and manage requests for non-compliance with policies, standards and baselines.
  
  

Risk Management And Assessments

• Function as a security specialist, providing advisory support or directly conducting comprehensive risk assessments and control gap analyses across services, products, infrastructure, and applications.
• Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
• Offer recommendations and guidance on effective risk mitigation strategies that align with business objectives and maintain appropriate security standards.
• Track emerging threats, evolving industry standards, best practices, and regulatory changes in order to proactively advise on necessary updates to policies, controls, or other measures required to strengthen and modernize our risk management posture.
• Effective evidence and 2nd line risk management process experience is critical for this role.
  
  

Security Architecture

• Provide guidance on secure cloud, network architecture, segmentation, and system hardening.
• Work with engineering teams to monitor and maintain secure configurations and access controls.
• Lead or advise on security reviews of new technologies and system changes.
• Carry out Security Architecture Integration by conducting ongoing or targeted architecture reviews to confirm that security is incorporated, integrated, and verified in designs and implemented services.
• Establish and uphold architectural security principles throughout the technology and services ecosystem.
• Assess and integrate security tools and technologies to support the enterprise security posture.
  
  

Security Assurance And Attestations

• Maintain documentation and evidence repositories to facilitate internal and external support.
• Utilize platforms such as SharePoint and Jira to ensure optimal assessment preparedness.
• Collaborate with control owners to monitor, address, and close findings efficiently.
• Enhance, and/or establish the model and process for the managing the independent assurance, testing and attestations. Support the management and execution of all structured assessments helping business and operational areas proactively minimize risk and the possibility of findings.
  
  

Awareness & Communication

• Develop and implement cybersecurity awareness programs designed for both technical and non-technical teams.
• Prepare concise communications regarding policy changes, risk advisories, and incident notifications.
• Deliver training sessions to stakeholders on security controls and risk management procedures.
  
  

What You’ll Need To Bring

• Bachelor’s / Master’s degree in Information Security, Computer Science, or related field.
• 12 to 15 years of experience in Information Security with a strong focus on risk management, network security, and security architecture.
• Hands-on experience in system/network administration (Windows/Linux/Cloud).
• Deep understanding of frameworks such as ISO 27001, NIST, PCI DSS, and COBIT.
• Proven experience in drafting and implementing security policies and technical standards.
• Strong knowledge of identity lifecycle management and access governance.
• Experience with audit documentation and evidence management tools (e.g., SharePoint, Jira).
• Excellent communication and stakeholder engagement skills.
  
  

Nice-to-Haves

• Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
• Experience with GRC platforms and risk assessment methodologies.
• Familiarity with regulatory standards such as GDPR, CCPA, and other data protection laws.
• Exposure to cloud platforms (Azure, AWS) and security tools (e.g., Defender, CrowdStrike, Tenable).
• Knowledge of enterprise architecture frameworks and secure design principles.
  
  

Why You’ll Enjoy Working at Envestnet 

Help shape the future of WealthTech. At Envestnet you’ll gain hands-on experience and collaborate with some of the industry’s brightest minds to deliver meaningful, innovative solutions that make a real difference.

We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you’re looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future.

The opportunity is now!

Our Investment in You

At Envestnet, our total rewards philosophy is designed to attract, motivate, and grow exceptional talent. We offer competitive, market-aligned compensation complemented with performance-linked incentives and rewards programs that recognize and reward impact.

In addition, we provide a comprehensive suite of benefits - subject to Envestnet’s plan eligibility rules - that support your overall well-being, including medical insurance for you and your family, annual health check-ups, free online doctor consultations and telemedicine services, subsidized health club memberships, and an employee assistance program. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us.

Our Commitment to Inclusion & Belonging

Envestnet is an Equal Employment Opportunity employer and does not discriminate in employment on the basis of religion, race, color, caste, sex, gender, gender identity or expression, pregnancy, age, disability, medical condition, nationality, ethnic origin, marital status, or any other status protected under applicable Indian law. This commitment is in accordance with the Constitution of India and applicable labor and employment laws. All employment decisions are made solely based on merit, qualifications, performance, and business needs.

We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at [email protected]. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.

Recruitment Fraud

At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates. Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.