IT Information Security Manager

About The Position

Requirements

• Strong knowledge of information security frameworks (e.g., NIST, ISO 27001, SOC 2) and cybersecurity best practices.
• Proven track record of developing and managing effective security programs in a dynamic environment.
• Experience with risk assessment methodologies and GRC (Governance, Risk, and Compliance) platforms.
• Excellent leadership, strategic thinking, analytical, and problem-solving skills.
• Superior communication (written and verbal), negotiation, and interpersonal skills.
• Demonstrated ability to manage crisis situations and lead incident response effectively.
• Relevant certifications such as CISSP, CISM, or CompTIA Security+ are highly desirable.
• Deep expertise in global data privacy regulations (e.g., GDPR, CCPA, LGPD) and experience implementing robust privacy programs.
• Familiarity with the e-commerce, retail technology, or advertising technology ecosystem is a significant plus.

Responsibilities

• Manages the team responsible for ensuring the security of the organization's systems and information assets.
• Oversees the development and implementation of security systems, guidelines, and strategies.
• Implements processes and procedures to protect the organization against unauthorized access, use, disclosure, disruption, modification, and/or destruction.
• Conducts and reviews audits and risk assessments.
• Reviews and evaluates internal operations and controls.
• Oversees the migration of non-compliant environments to compliant environments.
• Ensures compliance with data protection guidelines and applicable laws.
• Develop, implement, and maintain a robust corporate compliance program that covers all relevant laws, regulations, and ethical standards.
• Define, establish, and continuously improve SmartCommerce's information security strategy, policies, and procedures.
• Lead risk assessments and develop mitigation strategies for compliance and security risks.
• Oversee the development and delivery of comprehensive compliance and security training programs for all employees.
• Manage and respond to internal and external audits related to compliance, security, and data privacy.
• Stay abreast of evolving regulatory landscapes, industry best practices, and emerging threats.
• Develop and manage incident response plans for security breaches and compliance violations.
• Collaborate closely with relevant departments to ensure that new products and features are designed with 'privacy by design' and 'security by design' principles.
• Oversee third-party vendor risk management programs related to data security and compliance.
• Establish and manage relevant certifications and compliance frameworks.
• Prepare and present regular reports on compliance and security posture to the executive team.
• Lead, mentor, and potentially build a team of compliance and security professionals.
• Manage non-platform infrastructure, including user technical support, access requests, terminations.

Benefits

• Health Care Plans (Medical, Dental & Vision)
• Retirement Plan (401k, Profit Sharing)
• Life Insurance (Basic, Voluntary & AD&D)
• Long-Term Disability
• Short-Term Disability
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Work From Home
• Wellness Resources