ABOUT SUSTAINALYTICS – a Morningstar company

Sustainalytics – a Morningstar company has been a leading independent provider of Environmental, Social and Governance (ESG) research for the last 25 years. Our insights are used by clients to make better informed investment decisions, engage with companies in relation to their business activities and drive change. Sustainalytics is a growing organization with 800 employees and 17 offices globally. In 2020, Sustainalytics has joined Morningstar, a leading provider of independent investment research.

We have a flexible and supportive working culture and empower our employees to progress and develop quickly in an entrepreneurial environment.

Under COVID-19 circumstances, all Sustainalytics employees are now working from home. More than ever, ESG factors are critical to building a more ethical and sustainable global economy. Our teams need passionate colleagues to join us in delivering quality research products to our clients worldwide.

Our recruitment and selection process is continuing via phone or video meetings. New team members are onboarded and start their first day with the company from the safety of their homes.

We rely on virtual team meetings and management practices, as well as a remote buddy program, to support a smooth integration in our virtual offices.


ABOUT THE TEAM

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information.

The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

POSITION PURPOSE & KEY RESPONSIBILITIES

  • Collaborate with development teams and security champions across the organization to architect secure products
  • Contribute to secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current security architecture strategies and models
  • Develop and enhance internal security processes, programs, and procedures
  • Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications, and platforms
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver training as needed.
  • Document secure coding guidelines and run training programs to assist internal development personnel
  • Identify web application security vulnerabilities and offer remediation advice

QUALIFICATIONS

  • A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role, or equivalent experience
  • We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
  • Excellent communication skills and a strong understanding of software development, architecture, and application security
  • A strong understanding of security best practices in Java, JavaScript (and supporting frameworks), .NET, and Python programming languages
  • Experience architecting and deploying applications securely in cloud environments
  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Prior development experience preferred
  • Splunk experience preferred

APPLICATION & INTERVIEW PROCESS

In keeping with our ongoing efforts to represent the diversity of our community, we strongly encourage people from diverse groups to apply. Sustainalytics is committed to providing accommodations for individuals with disabilities, upon request.

Sustainalytics thanks all applicants for their interest, however only those applicants requested to participate in the interview process will be contacted.

Your privacy while being in contact with Sustainalytics is one of our fundamental commitments here. Review our Privacy Policy to find out more about how we handle the personal data you provide us during the recruitment process.