Overview
As a Senior Security Lead at Origami, you will be responsible for ensuring the security and integrity of our cloud environments, including infrastructure, applications, and data, as well as security for the organization as applicable. This role will be pivotal in shaping our security strategy, identifying and remediating risks and vulnerabilities, managing vendors, ensuring physical security, and leading security discussions with customers.
Responsibilities
- Develops and implements robust security strategies and goals to protect Origami assets and ensure compliance with regulatory requirements.
- Oversees the selection and implementation of security tools and develops a comprehensive incident response model.
- Sets and achieves security performance targets, continuously improving Origami’s security posture.
- Manages relationships with security vendors, ensuring they meet our security standards and deliver value.
- Acts as the main liaison for all security related vendor management activities, including our MSSP.
- Collaborates with the CISO to define and execute a comprehensive cyber security strategy for Origami Risk, aligned with the organization's security objectives and IT strategies.
- Identifies security goals, priorities, and initiatives based on industry best practices, business requirements, and risk assessments.
- Collaborates with GRC to drive operational excellence by monitoring and measuring the effectiveness of security controls, conducting regular assurance and assessments, and implementing continuous improvement initiatives.
- Creates guidelines and standards for the secure use of cloud technologies.
- Evaluates new tool/vendor security posture and proof of concept use cases and integrations.
- Ensures the physical security of office premises, implementing measures to safeguard against threats.
- Prioritizes security vulnerabilities and cloud misconfigurations based on risk and potential impact.
- Continuously assesses and improves security processes, procedures, and systems to address emerging threats and vulnerabilities and enhances the overall security posture of our SaaS cloud environments.
- Leads security discussions with customers and prospects, addressing their concerns and demonstrating our commitment to security.
- Other duties as assigned.
Qualifications
- Bachelor’s Degree required.
- 7+ years of Information Technology experience, with demonstrated, hands-on experience across multiple domains, e.g., Application CICD, Cloud Infrastructure, Endpoint Management/Defense, Information Security products.
- 2+ years of direct Cloud IaaS/PaaS experience, AWS preferred.
- Motivated self-starter capable of working independently while also collaborating with other team members.
- Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
- Demonstrated experience managing security vendors and third-party relationships
- Experience identifying, prioritizing, and remediating vulnerabilities.
- Knowledge of industry best practices related to tiered security architecture design.
- Ability to create reference architecture diagrams, security standards, and other documentation.
- (Preferred) Experience with Cloud Security Alliance (CSA), FISMA & FedRAMP compliance, ISO 27001/2 and NIST 800-53 security controls
- (Preferred) Relevant security certifications (i.e., CompTIA Security+, CISSP, CISA)
- (Preferred) Working knowledge of security frameworks, development, test, and deployment models.
Who We Are
Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app.
Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment.
Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.