Information Security Engineer
CurrentAcorns' first Security Engineer, developed organizational security strategy, processes, and policies based on regulatory and financial compliance, as well as a model of information security maturity. Collaborated directly with executives and department heads to evaluate identify and remediate risks.Major accomplishments include:- Developed security policies and procedures based on financial and regulatory requirements, evolving them based on the needs of the organization.- Implemented and managed account takeover protection system, defined standard operating procedures, and partnered with internal fraud teams in their investigations.- Advanced the Acorns incident response plan including developing standard operating procedures, evaluating and retaining third-party forensic team, and performing table top exercises with CIRT and executives.- Championed a Multi-Factor Authentication (MFA) initiative and collaborated closely with design and engineering teams to develop secure flow for customers.- Promoted a "Security First" culture through interactive computer-based training, close collaboration with department "security champions", and regular meetings with department leads and executives.- Developed and maintained vulnerability management program including web and mobile application testing, workstation and container vulnerability scanning, bug bounty program management, and producing and reviewing remediation statistics with executives.