Senior Security Analyst

Addepar is a global data and AI platform empowering investment professionals to turn complex financial information into actionable intelligence. Addepar unifies portfolio, market and client data in a total portfolio view and delivers AI-powered insights within investment and client workflows. More than 1,400 firms in nearly 60 countries use Addepar to manage and advise on nearly $9 trillion in assets.

The Role

We are currently seeking a Senior Information Security & Risk Analyst to join our Information Security & Risk team as part of the expanding team within our Edinburgh, UK location. The successful candidate will have the opportunity to help take Addepar’s Information Security and Governance programs to the next level. The Information Security & Risk ('ISR') organization at Addepar is focused on establishing clear, simple and consistent control frameworks, and providing effective oversight of information security and technology activities. This organization plays a critical role in helping to balance risk‑taking activities and decisions with opportunities to manage risk. The successful candidate will be skilled in supporting high‑impact governance, risk and compliance programs that align to the size and maturity of our business. This is a hybrid role and will be 2 days per week in our Edinburgh office. Applicants must have, and maintain, the right to work in the United Kingdom from the first day of employment. Please note that visa sponsorship is not available for this role.

What You’ll Do

• Assist in the management of Addepar’s Client Due Diligence Program through the composition and maintenance of security collateral.
• Drive a more optimized Information Security and Risk Program, aligned with industry standard frameworks such as the NIST Cybersecurity Framework.
• Lead independent risk assessments of our environment focusing on our platform and its supporting third party and internally developed software, infrastructure, and tools.
• Support build‑out of an enterprise metrics program and risk reporting framework to communicate risk to senior management.
• Partner with control owners, engineers and other teams to facilitate reviews of new products and services, to ensure risks are identified, communicated, and mitigated.
• Support SOC2 reviews including project management, planning, and coordination across Addepar teams and external auditors.
• Maintain Addepar Information Security & Risk policies and standards, aligning to business and Client needs.
• Assist efforts on Data Governance and ensuring the right access controls are in place to support the program.
• Drive improvements and execution of risk and governance awareness programs.
• Work as part of a global operating team across multiple timezones.

Who You Are

• Extensive experience managing, consulting, auditing, or working in the fields of Information security or Technology Risk required.
• AWS Cloud Security experience preferred.
• Demonstrate strong analytical, communication, and problem solving skills.
• Experience identifying and communicating key risks related to cloud implementations and architectures.
• Ability to manage multiple high‑visibility and high‑impact projects while maintaining superior results.
• Familiarity with control frameworks (e.g. NIST Cybersecurity Framework, NIST 800‑53, ISO) and SOC2 audit compliance.

In addition to our core values, Addepar is proud to be an equal opportunity employer. We seek to bring together diverse ideas, experiences, skill sets, perspectives, backgrounds and identities to drive innovative solutions. We commit to promoting a welcoming environment where inclusion and belonging are held as a shared responsibility. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.