Information Security Manager

StackAdapt
Summary
Join StackAdapt as Information Security Manager and play a vital role in securing StackAdapt’s systems and information. You will detail and implement enterprise security processes and procedures, identify and remediate security gaps, and recommend improvements to the overall security posture. Responsibilities include undertaking cybersecurity activities, managing risks from internal and external threats, engaging with the Information Security community, and ensuring legal and regulatory compliance. You will craft, implement, and coordinate systems for analyzing security data and collaborate to remediate threats and vulnerabilities. StackAdapt is a ‘Remote First’ company, so this position is open to candidates located anywhere in North America. The role involves supporting strategic security initiatives, providing security consultancy, and overseeing vulnerability management. You will also prepare security awareness training, support penetration testing, manage incident response, and support secure identity and access management.
Requirements
- Experience in a wide range of cyber security domains, for example, vulnerability management, security awareness, incident response, identity & access management, IT resilience, etc.
- Experience interpreting internal/external business challenges and the industry environment, resulting in an ability to provide key recommendations in order to improve products, processes or services
- Strong communication skills, an ability to influence senior stakeholders and an ability to communicate information to audiences with varying backgrounds and domain knowledge
- 3+ years of work in a related field
- Bachelor’s degree (or higher) in Computer Science or a related field; or a combination of relevant education, experience, and training
- Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
- An ability to develop specific expertise, discern patterns of complex threat actor behaviour, and communicate an understanding of current and emerging cyber threats
- Strong communication skills, both written and verbal
- Strong organisational and time management skills, as well as an ability to meet deadlines
- Strong analytical and evaluation skills
- Ability to work comfortably in fast-paced environments, subject to frequent change and/or unpredictability
Responsibilities
- Supporting the delivery of strategic security initiatives, as well as driving tactical security enhancements
- Providing security consultancy to individuals or projects led by the business, reviewing designs and following risk assessment/management procedures as required
- Supporting the design and implementation of secure baselines for operating systems, databases and business applications
- Overseeing vulnerability management procedures, including vulnerability scanning, reporting & analysis, validation, prioritisation and remediation
- Preparing and delivering security awareness training material for StackAdapt staff
- Supporting the facilitation of periodic attack & penetration testing exercises, including working alongside Engineering / Product Teams to remediate key findings
- Managing / supporting incident response activities, including the collection of event data, detailed analysis of audit logs and reporting
- Supporting the design and implementation of secure identity & access management policies across a wide range of IT solutions
- Leading the security governance, risk assessment, and control implementation for the organisation’s Disaster Recovery and Business Continuity (IT Resilience) program, ensuring alignment with regulatory requirements and industry best practices
- Supporting StackAdapt’s continuous efforts to meet compliance requirements, for example detailing and evidencing key security controls and mechanisms to external auditors
Preferred Qualifications
- Knowledge of different cyber security solutions and toolsets is beneficial (e.g. SIEM, EDR, SOAR, vulnerability scanning, email security gateways, internet proxies / gateways, etc.)
- Experience with cloud computing services is beneficial (e.g. AWS, Azure, GCP, etc.)
- Security / IT Audit Certification is beneficial (e.g. CISSP, CISA, CISM, CompTIA Network+, GSEC, CEH, etc.)
- Experience with one or more scripting languages is beneficial (e.g. Python, PowerShell, Ruby, Perl, Bash, JavaScript, Go, etc.)
Benefits
- Competitive salary
- RRSP matching
- 3 weeks vacation + 3 personal care days + 1 Culture & Belief day + birthdays off
- Access to a comprehensive mental health care platform
- Full benefits from day one of employment
- Work from home reimbursements
- Optional global WeWork membership for those who want a change from their home office
- Robust training and onboarding program
- Coverage and support of personal development initiatives (conferences, courses, etc.)
- Access to StackAdapt programmatic courses and certifications to support continuous learning
- Mentorship opportunities with industry leaders
- An awesome parental leave policy
- A friendly, welcoming, and supportive culture
- Our social and team events!