Information Security Manager
We’re currently searching for an experienced and driven individual to join our team in the role of Information Security Manager. The successful candidate will work remotely in locations throughout the Atlantic and East Coast time zones.
In this role, you will be working within the company’s Product team. You will work closely with the Senior Director of Product to maintain the organization’s information security management program and deliver subject matter expertise to a wide range of Securicy customers.
This role focuses heavily on the security of the company and on delivering advisory services to Securicy customers as a subject matter expert. You will also be responsible for service delivery management of various services such as penetration testing, vCISO services, and implementation projects for standards and regulations such as SOC2, ISO 27001, NIST 800-171 / CMMC, GDPR, and HIPAA.
For this role, we ask that you have experience or familiarity with several information security frameworks and standards such as ISO 27001, NIST CSF, NIST 800-171, SOC2, etc.
We also ask that you provide your resume in PDF format.
Responsibilities include but are not limited to:
- Interacting with customers to discover/define security requirements and solve real-world problems.
- Taking on additional responsibilities as the company scales and being challenged by the Senior Director of Product as deemed appropriate for your development in your role.
- Building and managing relationships with consulting and auditing partners.
- Project management and service delivery management of advisory services, penetration testing and other professional services.
- Managing Securicy's information security program.
- Policy development, review, approval and sign-off.
- Working with the Senior Director of Product and the CTO to produce and prepare artifacts for certification audits.
- Translating complex security framework requirements into simple and readable policies, tasks and control activities.
- Analyzing policy content for gaps against various information security frameworks and standards.
- Working with the Senior Director of Product in the research, scoping, planning and execution of product plans to incorporate new frameworks and regulations into existing content across the application.
Additional Responsibilities May Include:
- Keeping on top of changes to existing frameworks and standards, applying changes and continuous improvement into application content.
- Writing policy content.
- Writing additional helpful content to assist customers in the implementation and maintenance of policies.
- Writing and organizing the content in a product that helps people secure the trust of their customers.
Core Skills and Experience:
- Ability to interpret and apply theory into practice.
- Outstanding written communication skills.
- English written and oral fluency is paramount.
- French written and oral fluency is a bonus.
- 1-3 years minimum working in information security is a must.
- A strong understanding of information security is a must.
- Experience writing security policies is strongly recommended.
- Helpful certifications include ISO Implementer/Auditor, CISSP, CISA, etc.
- Experience with SOC2 Type I or Type II is a bonus.
- A willingness to engage in opportunities for professional development.
- Display clear motivation about collaborating and communicating closely with other teams and stakeholders.
- Be willing to collaborate and assist teammates, share knowledge and experience with them, and learn from their expertise and experience.
- Be open to receiving feedback and constructive criticism.
- Be prepared to give feedback and constructive criticism.
- Be a continuous learner and pursue self-improvement opportunities.
- Stay motivated about and remain current on industry trends and research in application, cybersecurity and information security.
More About Securicy:
High-growth companies use the Securicy platform to implement information security practices that win business.
It is becoming increasingly difficult for organizations to function in today’s technological world without having a proper data security plan. Enterprise organizations lead this charge, as they will not work with vendors who can’t prove their data to be secure. Startups and growing companies lose significant deals due to providing inaccurate or insufficient answers to confusing security questionnaires. They also leave themselves vulnerable to cyber-attack and data breaches.
Our web-based software enables organizations to efficiently implement, maintain and demonstrate a strong information security program. Securicy's software has navigated companies through the complex security requirements of major players like Microsoft, Netflix, National Bank, Target and more.