Information Security Manager

StackAdapt
Summary
Join StackAdapt as Information Security Manager and play a vital role in securing the company's systems and information. You will implement and improve enterprise security processes, identify and remediate security gaps, and recommend measures to enhance the overall security posture. Responsibilities include undertaking cybersecurity activities, managing risks from internal and external threats, engaging with the Information Security community, and ensuring legal and regulatory compliance. You will leverage your knowledge of industry frameworks to craft and implement security systems, collaborate with the Information Security department to remediate threats, and contribute to the organization's Disaster Recovery and Business Continuity program. StackAdapt is a 'Remote First' company, so this position is open to candidates located anywhere in North America. The role requires experience in various cybersecurity domains, strong communication skills, and the ability to work in a fast-paced environment.
Requirements
- Experience in a wide range of cyber security domains, for example vulnerability management, security awareness, incident response, identity & access management, IT resilience, etc.
- Experience interpreting internal/external business challenges and the industry environment, resulting in an ability to provide key recommendations in order to improve products, processes or services
- Strong communication skills, an ability to influence senior stakeholders and an ability to communicate information to audiences with varying backgrounds and domain knowledge
- 3+ years of work in a related field
- Bachelor’s degree (or higher) in Computer Science or a related field; or a combination of relevant education, experience, and training
- Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
- An ability to develop specific expertise, discern patterns of complex threat actor behaviour, and communicate an understanding of current and emerging cyber threats
- Strong communication skills, both written and verbal
- Strong organisational and time management skills, as well as an ability to meet deadlines
- Strong analytical and evaluation skills
- Ability to work comfortably in fast-paced environments, subject to frequent change and/or unpredictability
Responsibilities
- Supporting the delivery of strategic security initiatives, as well as driving tactical security enhancements
- Providing security consultancy to individuals or projects led by the business, reviewing designs and following risk assessment/management procedures as required
- Supporting the design and implementation of secure baselines for operating systems, databases and business applications
- Overseeing vulnerability management procedures, including vulnerability scanning, reporting & analysis, validation, prioritisation and remediation
- Preparing and delivering security awareness training material for StackAdapt staff
- Supporting the facilitation of periodic attack & penetration testing exercises, including working alongside Engineering / Product Teams to remediate key findings
- Managing / supporting incident response activities, including the collection of event data, detailed analysis of audit logs and reporting
- Supporting the design and implementation of secure identity & access management policies across a wide range of IT solutions
- Leading the security governance, risk assessment, and control implementation for the organisation’s Disaster Recovery and Business Continuity (IT Resilience) program, ensuring alignment with regulatory requirements and industry best practices
- Supporting StackAdapt’s continuous efforts to meet compliance requirements, for example detailing and evidencing key security controls and mechanisms to external auditors
Preferred Qualifications
- Knowledge of different cyber security solutions and toolsets is beneficial (e.g. SIEM, EDR, SOAR, vulnerability scanning, email security gateways, internet proxies / gateways, etc.)
- Experience with cloud computing services is beneficial (e.g. AWS, Azure, GCP, etc.)
- Security / IT Audit Certification is beneficial (e.g. CISSP, CISA, CISM, CompTIA Network+, GSEC, CEH, etc.)
- Experience with one or more scripting languages is beneficial (e.g. Python, PowerShell, Ruby, Perl, Bash, JavaScript, Go, etc.)
Benefits
- Competitive salary
- RRSP matching
- 3 weeks vacation + 3 personal care days + 1 Culture & Belief day + birthdays off
- Access to a comprehensive mental health care platform
- Full benefits from day one of employment
- Work from home reimbursements
- Optional global WeWork membership for those who want a change from their home office
- Robust training and onboarding program
- Coverage and support of personal development initiatives (conferences, courses, etc.)
- Access to StackAdapt programmatic courses and certifications to support continuous learning
- Mentorship opportunities with industry leaders
- An awesome parental leave policy
- A friendly, welcoming, and supportive culture
- Our social and team events!