Information Security Manager

Your Role

• We are seeking a talented, motivated Manager of Application Security to lead our application security program. This role is critical in protecting our platform, customer data, and internal systems from evolving cyber threats. The ideal candidate will have a strong background in app security architecture, risk management, compliance, and team leadership within a fast-paced technology environment. The ideal candidate will have excellent communication skills and the ability to collaborate effectively with cross-functional teams. 

Key Responsibilities

• Strategy and Leadership: Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices. Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization. Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics. Evaluate and recommend new application security technologies and tools to enhance the organization's security posture.
• Appication Security Operations and Architecture: Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management. Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints. Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues.
• Risk and Compliance: Maintain an application security risk management framework, identifying, analyzing, and treating risks. Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR). Maintain and enforce application security policies, standards, and procedures. Liaise and coordinate internal and external security audits.
• Incident Response: Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery. Conduct post-incident reviews to identify root causes and implement preventative measures.
• Team Leadership: Manage, mentor, and develop the application security team. Assist in managing the security budget and resources effectively. Work with team members to define what success looks like, sets goals, defines metrics and tracks progress.        

Qualifications

• Education: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
• 5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company.
• Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless).
• Strong knowledge of, vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring,  incident response, application security, and data protection technologies.
• Proven experience developing and managing an enterprise-level information security program.
• Relevant security certifications such as CISSP, CISM, or CISA.
• Technical Skills: • Familiarity with common exploitation techniques, attack vectors, and defensive strategies.• Experience with SIEM tools, vulnerability scanners, penetration testing and threat model methodologies.• Understanding of generative AI and its usage within security and engineering as well as best practices.• Identity Management and Cloud Security.
• Soft Skills: • Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences. • Strong leadership, organizational, and project management abilities.• Excellent problem-solving and decision-making skills. 
• Must be authorized to work in the US without sponsorship. SPONSORSHIP IS NOT AVAILABLE.