About the Role:

We are looking for a Sr Manager, Infosec who understands how to communicate and set clear and concise expectations for a corporate information security team by creating comprehensive roadmaps. This Sr Manager will be able to identify pain points and target areas of improvement through automation.

If you're passionate about information security, and helping business owners then we want to chat. Are you ready to revolutionize the small business banking industry with us?

Responsibilities:

• Manage and improve our Apple/Chromebook MDM program to follow NIST/CIS standards.
• Support a centralized asset management and computer lifecycle program.
• Manage and improve Google workspace automation leveraging GAM scripts and methods.
• Plan, design and execute SSO/SAML authentication across all available third party applications.
• Plan, design, and execute a target operating model that provides the necessary infosec competencies to protect how the organization chooses to operate and in line with the company’s values.
• Plan, design and execute an endpoint detect and response procedure.
• Plan, design and execute a data loss prevention program.
• Experience with zero-trust networks.
• Manage day-to-day security controls and configurations of IT environments through a number of security monitoring tools.
• Experience with contract and vendor negotiations and management including managed services.
• Oversee cybersecurity audits and due diligence during the process for onboarding new partners and vendors.
• Serve as a key liaison and manage expectations between internal teams (including Engineering) and internal/external auditors.
• Design and implement IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls, particularly for new system or process control readiness.
• Plan, purchase, and implement cybersecurity hardware and software; oversee that Technology and network infrastructure is designed to adhere to relevant cybersecurity frameworks and architectural principles
• Drive organizational strategic decision-making, system implementations, and the adoption of new processes and procedures as part of continuous evaluation and improvement of the cybersecurity of the organization’s infrastructure
• Coordinate and communicate root cause analysis in breaches, outages, and disruptions related to cybersecurity, and direct continuous improvements to avoid similar issues in the future
• Lead the successful completion of audit processes.
• Serve as the compliance subject matter expert and point of contact to Internal and External Auditors. (Soc 2, ISO 27001, etc).
• Assist technical teams with creation and implementation of IT controls objectives.
• Keep abreast of developing cybersecurity threats, and help leadership understand potential cybersecurity problems that might arise from strategic decisions
• Influence peers and senior leaders in other business units to build a strong cybersecurity culture

Requirements for the Role:

• You have a BS in Computer Science, Engineering, Cybersecurity, Management Information Systems (MIS), IT
• Minimum of 8-10 years of experience in a combination of information security and IT jobs within the technology or media industry
• Knowledge of common information security management frameworks such as SOC 2, NIST Cybersecurity Framework, and privacy frameworks (CCPA and GDPR)
• Demonstrated ability to effectively communicate complex security technology matters in an easy-to-understand manner to executives, teams and individual contributors across the organization
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams

How We Define Success:

• Improve efficiency of vulnerability assessment process
• Improve patch management process
• Improve security related incident management process
• Improve audit management activities
• Increase awareness on information security among employees
• Improve risk management process
• Improve asset management systems and procedures

Nice to Have, But Not Required:

• CISSP, CISM, or CISA certification is a plus
• Experience in managing help desk/ security people
• Project management/ people management skills

#LI-CD1 #LI-CC1 #LI-Hybrid