About The Position

We are looking for a Manager of Information Security who will lead the information security strategy and security operations within Geoforce Inc. Reporting to the VP of Software Engineering, the Manager of Information Security serves as the organization’s key cybersecurity authority, responsible for establishing, managing, and continually enhancing a robust, enterprise-wide information security program. This role provides strategic direction, helps maintain regulatory compliance, leads incident response efforts, leads responses to customer information security questionnaires, and fosters a strong security culture across the enterprise. The role also governs relationships with third-party vendors and managed security partners and drives business-aligned risk management and resiliency efforts.

Requirements

  • Experience: 3+ years in information security leadership roles, with expertise in managing enterprise-wide programs. Hands-on experience in implementing security assessment tools.
  • Technical Proficiency: Extensive knowledge of cybersecurity principles, tools, technologies, risk management, and compliance frameworks (NIST, CIS, ISO, SOC II).
  • Certifications: CISSP, CISM, or equivalent strongly preferred.
  • Communication Skills: Strong ability to articulate security concepts to non-technical customers, stakeholders, and executive leadership.
  • Leadership: Collaborating with cross-functional teams and managing vendor relationships, including MDR (Managed Detection and Response) and performance measurement.

Responsibilities

  • Develop, implement, and maintain the organization's information security and data privacy strategy, policies, and governance framework, aligning with frameworks such as NIST CSF 2.0, ISO, SOC II Type 2 and CIS Controls.
  • Serve as a trusted advisor to leadership on cyber risk, regulatory/compliance obligations (e.g., GDPR, CCPA), and emerging threats.
  • Manage key performance indicators (KPIs) and dashboards to measure program effectiveness and foster continuous improvement.
  • Develop and communicate a roadmap for the privacy & security program that balances business enablement with risk mitigation.
  • Lead security-related projects and deliverables for security as well as external department projects.
  • Implement a third-party vendor risk management program, including onboarding security reviews and continuous monitoring.
  • Build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
  • Develop alerting and detection strategies to identify malicious or anomalous behavior.
  • Develop new and novel defensive techniques to identify or counteract changes in adversary techniques and tactics.
  • Dissect network, host, memory, and other artifacts originating from multiple operating systems and applications.
  • Investigate enterprise-wide operations to uncover sophisticated and undetected threats.
  • Partner closely with other members of the Information Security team to lead changes in the company's network defense posture.
  • Identify and implement the core security platforms needed to maintain security within Geoforce infrastructure, networking, and IT systems. Platforms may include EDR, SIEM, secure email gateways, etc.
  • Lead customer communications and documentation around InfoSec processes and certifications.
  • Develop and govern security policies and procedures, including SOC II Type 2 audit readiness.
  • Lead and enhance the Security Awareness Training (SAT) program (e.g., KnowBe4), including phishing simulations and compliance reporting.
  • Advocate for a security-first culture across IT, software development, and business teams through ongoing engagement, communication, and training.