About The Position

The Information Security Manager will be a foundational leader responsible for strategically building, scaling, and managing the entire information security and compliance program. This role is critical to assuring customers of the security and safety of Hyperscience as an enterprise-level SaaS application that handles mission-critical data.

Requirements

  • Information Security Experience: 7+ years of progressive experience in information security, including leading compliance and risk management within a high-growth technology environment.
  • SaaS Compliance Expertise: Hands-on experience in leading or successfully completing external audits for key compliance frameworks like SOC 2 or ISO 27001 in an Enterprise SaaS setting.
  • Cloud Infrastructure Auditing: Strong knowledge and practical experience auditing security controls and services within a major cloud provider, preferably AWS and GCP, running containerized and serverless workloads.
  • Security Incident Lifecycle: Proven ability to develop, implement, and execute a formal Incident Response Plan (IRP) and manage security crises.
  • Communication and Stakeholder Management: Exceptional skills in presenting complex security topics to technical teams, executives, and external customers (RFI/Diligence).

Nice To Haves

  • Security Certifications: Active professional security certification such as CISSP, CISM, or CISA.
  • DevSecOps Integration: Experience integrating security tools and practices directly into the CI/CD pipeline and automated deployment processes.
  • Policy Automation/Scripting: Proficiency in a common scripting language (e.g., Python) used for security operations, automation, or security tool management.
  • Third-Party Risk Management: Direct experience in leading a Vendor Security Assessment Program (VSAP) to evaluate and mitigate third-party risk.

Responsibilities

  • Security Program Leadership: Define, implement, and continuously mature the organization's comprehensive information security strategy, policies, and risk management framework.
  • Compliance Oversight (SOC 2/FedRAMP/Cyber Essentials+): Drive and successfully complete all major enterprise security compliance efforts, primarily SOC 2 and FedRAMP, as well as Tx-RAMP and Cyber Essentials+, ensuring continuous audit readiness and successful certification.
  • Incident Response & Management: Develop, manage, and lead the Security Incident Response (IR) program, acting as the primary incident commander during security events.
  • Customer Security Assurance: Serve as the subject matter expert responsible for handling all client-facing security inquiries, RFIs, and contract reviews to assure customer confidence in our security posture.
  • Cloud Security Governance: Establish and enforce security controls and best practices specifically within the AWS cloud infrastructure, focusing on secure configuration and IAM.
  • Risk & Vulnerability Management: Oversee the continuous identification, assessment, and remediation of security risks and vulnerabilities across the organization's infrastructure and applications.

Benefits

  • Health & Wellness: Company-covered Healthcare Coverage plans for you and your family, including HSA, PPO, Vision, Dental and Mental Health Wellness plans.
  • Retirement & Financial: 401(k) through Empower with company match up to 6% of your annual salary.
  • Paid Time Off (PTO): Flexible-use PTO, unaccrued and uncapped, subject to manager approval.
  • Parental Leave: 12 weeks of paid parental leave, with an additional 4 weeks paid for birthing parents.
  • Equity: Opportunity to own Stock Options in the company.