InfoSec Risk Consultant

Description

Job Location

The primary work location for this role is Trivandrum, India with a hybrid/remote work model.

About Envestnet

Envestnet is an adaptive WealthTech company that is redefining the future of wealth management by helping advisors meet the moment with its comprehensive technology, actionable insights, and industry leading support. Backed by over 25 years of experience and approximately $7.0 trillion in platform assets, Envestnet is trusted by over one third of financial advisors across leading banks, wealth managers, brokerages, and RIAs.

For a deeper look at how Envestnet is shaping the future of financial advice, visit www.envestnet.com.

The Team You'll Join

You will join Envestnet's Technology team, where we design, build, and maintain scalable, secure, and robust WealthTech solutions that power the future of financial advice. The team collaborates closely with product, operations, and business stakeholders to drive innovation, enhance efficiency, and enable sustainable growth. Guided by modern engineering practices and a commitment to domain excellence, technical rigor, and collaboration, the Technology team ensures our platforms remain resilient, adaptable, and aligned with evolving business needs making it a core driver of Envestnet's long term success.

How You'll Contribute

As a Consultant on the Information Security Risk team, you will report to the Principal Director of Information Security Risk and play a key role in executing the firm's technology risk management activities. In this role, you will serve as a trusted security subject‑matter expert, providing risk insight, guidance, and hands‑on support across the organization. You will contribute by:

• Perform Security Risk Assessments (SRAs) across applications, infrastructure, cloud platforms, and third‑party integrations to identify threats, vulnerabilities, and business impact.
• Determine inherent and residual risk levels using established risk taxonomies, scoring methodologies, and impact criteria aligned to enterprise standards.
• Evaluate the design and effectiveness of technical, administrative, and operational security controls against identified risks.
• Partner with technology, product, infrastructure, and architecture teams to design, recommend, and refine controls that mitigate risk to acceptable levels.
• Operate and leverage continuous risk monitoring tools (e.g., vulnerability management, configuration and cloud posture monitoring) to detect changes in risk posture.
• Analyze monitoring outputs to identify emerging risks, control degradation, and remediation needs.
• Own the lifecycle of identified risks, including documentation, remediation planning, validation of corrective actions, and risk closure.
• Produce clear, actionable risk reporting, metrics, and dashboards that communicate severity, trends, and priority issues to Information Security and technology leadership.
• Execute firmwide GRC activities such as RCSAs, risk acceptances and exceptions, and policy‑driven risk assessments.
• Maintain accurate and current risk data within enterprise GRC and workflow tooling to support aggregated reporting and second‑line oversight.
• Act as a trusted security risk advisor by translating technical findings into clear business risk context and supporting risk‑informed decision‑making.
• Partner closely with 2nd Line Risk & Assurance functions by providing high‑quality risk artifacts and evidence, without performing independent assurance activities.
  
  

What You'll Need To Bring

• 7+ years of experience in information security, cybersecurity risk management, or technology risk.
• Hands‑on experience performing Security Risk Assessments and documenting risk scenarios, impacts, controls, and conclusions.
• Strong understanding of security control frameworks (NIST CSF, NIST SP 800-53) and risk methodologies.
• Demonstrated experience evaluating control effectiveness and supporting remediation planning.
• Familiarity with continuous monitoring concepts and tools (e.g., vulnerability management, CSPM, configuration monitoring).
• Ability to clearly document and communicate security risk to both technical teams and non‑technical stakeholders.
• Strong analytical, writing, and organizational skills with attention to detail.
• Experience operating in fast‑paced, matrixed environments with multiple stakeholders.
  
  

Nice-to-Haves

• Knowledge of Investment Banking or Wealth Management.
• Resourceful and proactive in resolving technical challenges.
• Experience working within a Three Lines of Defense operating model, particularly in financial services or other regulated environments.
• Hands‑on experience with Jira‑based risk workflows or enterprise GRC platforms.
• Cloud security and AI risk assessment experience.
• Relevant certifications such as CISSP, CISM, CCSP, or equivalent.
  
  

Why You'll Enjoy Working at Envestnet 

Help shape the future of WealthTech. At Envestnet you'll gain hands-on experience and collaborate with some of the industry's brightest minds to deliver meaningful, innovative solutions that make a real difference.

We value flexibility in how and where work gets done, and we recognize strong performance with meaningful rewards—because your contributions should drive both business success and your own personal growth. If you're looking for a place where your work has impact, your development is supported, and your contributions are truly valued, Envestnet is where you can build your future.

The opportunity is now!

Our Investment in You

At Envestnet, our total rewards philosophy is designed to attract, motivate, and grow exceptional talent. We offer competitive, market-aligned compensation complemented with performance-linked incentives and rewards programs that recognize and reward impact.

In addition, we provide a comprehensive suite of benefits - subject to Envestnet's plan eligibility rules - that support your overall well-being, including medical insurance for you and your family, annual health check-ups, free online doctor consultations and telemedicine services, subsidized health club memberships, and an employee assistance program. Our investment in you means supporting you professionally, financially, and personally at every stage of your journey with us.

Our Commitment to Inclusion & Belonging

Envestnet is an Equal Employment Opportunity employer and does not discriminate in employment on the basis of religion, race, color, caste, sex, gender, gender identity or expression, pregnancy, age, disability, medical condition, nationality, ethnic origin, marital status, or any other status protected under applicable Indian law. This commitment is in accordance with the Constitution of India and applicable labor and employment laws. All employment decisions are made solely based on merit, qualifications, performance, and business needs.

We strive to provide an inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation, please contact us at [email protected]. Please include your full name, the title of the role you are applying for, and the accommodation necessary to assist you with the recruiting process.

Recruitment Fraud

At Envestnet, safeguarding the trust and safety of job seekers is a top priority. We are aware that scammers may impersonate Envestnet recruiters or create fake job opportunities to deceive candidates. Review the information on our recruitment fraud awareness page to help you recognize and avoid recruitment fraud.