Information Security Manager (Fully Remote Opportunity)
About the Role
As our Information Security Manager, you’ll focus on our Application, Infrastructure, and Data Security/Privacy efforts. You will be responsible for setting enterprise-level security direction in alignment with our business strategy. You will bring a wide range of experience in the security domains of Security Operations, Risk, Compliance and Identity Management and the tools and philosophical approaches associated with each. Furthermore, you will be a subject-matter expert on all aspects of an Information Security Program, ensuring initiatives introduced meet business objectives and are aligned with our security architecture. You will also act as a change agent within the department and company by continually implementing industry standards and best practices across teams. You’d contribute to security architecture and business strategic planning by providing objective feedback, insight, and recommendations. You’d also be responsible for leading investigations for incident response and reviewing system logs. As an active contributor to internal departmental process improvement, you’d become a role model and mentor to your many colleagues.
Your first 90 days:
In your first 30 days:
Understanding of what we do and how we do it;
Review current state of affairs on security;
Understanding of gaps in security for SOC2 compliance.
In your first 60 days:
Taking ownership of SOC2 compliance
Begin setting up best practices.
In your first 90 days:
Complete ownership of everything security
Begin SOC2 audit and remediation.
Becoming the default escalation point.
How you will add value:
Design, build and implement enterprise-class security systems.
Lead planning, implementation, and testing of security systems, policies, procedures and standards.
Provide advice and assistance to management concerning information security, privacy, and related matters.
Proactively identify, assess, manage, and mitigate potential threats to security.
Ensure that security policies and directives are consistently applied.
Evaluate information security systems, methods, and practices.
Develop and implement programs for employee security awareness.
Architect cloud security solutions using the AWS ecosystem.
Lead secure software development discussions with clients and their infosec teams/questionnaire.
Ensure data on our information system is protected to prevent unauthorized access.
Provide technical security leadership at the enterprise level.
Design solutions that balance security and business requirements.
Lead technical teams through the investigation, RCA, remediation and documentation of security incidents.
Effectively work with engineers, product managers, and other stakeholders. Collaboration is the name of the game!
Act as a point of escalation for individual contributors and the business leadership team.
Deliver dashboards and reports to a wide audience demonstrating our current program state and adherence to framework standards.
Provide data privacy regulations, NIST standards, GDPR, CCPA, and others while implementing processes to ensure effective data protection controls.
Stay current with industry trends, attacks, mitigation measures, and application security standards.
Respond to client and vendor security assessments.
Train engineering teams and others on security best practices.
You will be successful if you bring:
8+ years of information security experience.
3+ years’ experience architecting/developing/maintaining cloud solutions in SaaS/PaaS/IaaS environments.
A history of developing policies, standards, and best practices from the ground up in collaboration with other engineering and product leadership teams.
A self-starter mentality with the ability to lead and work with cross-functional teams.
Communication skills, empathy and expertise to instill confidence with external clients on data privacy and systems security.
A pragmatic approach to balancing security, user, and business requirements.
Knowledge of industry standard control frameworks (e.g. NIST, SOC2 etc.).
Knowledge of what it takes to be GDPR/CCPA compliant.
The mindset to work in a dynamic, fast-paced environment, prioritizing and delivering on evolving timelines.
Dependability and a sense of urgency about getting results.
Excellent documentation skills and a care for tracking context and purpose.
Bonus points if you have:
Relevant certifications (e.g. CISSP, CISM, CCSP).
Interest in writing technical blog posts on security and privacy capabilities.