Information Security Manager

Summary

Join Storyblok, a leading headless CMS company, as their Information Security Manager. You will design and implement the company's information security strategy, manage risk and vulnerability assessments, lead incident response, and ensure compliance with relevant regulations and standards. This role requires strong experience in information security, proven success with certifications like FedRAMP and ISO 27001, and excellent communication and problem-solving skills. Storyblok offers a remote-first work environment with various benefits, including a monthly remote work stipend, home office equipment, paid time off, a personal development fund, and an annual international team-building trip. The company is committed to diversity and inclusion and offers a supportive and collaborative work environment.

Requirements

• More than 7 years relevant experience in Information Security or Cybersecurity
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Proven experience in successfully implementing Fedramp and at least one more information security related certification like ISO 27001, SOC, NIST
• Experience with setting up and maintaining an information security environment in a remote setup
• Professional certifications such as, CISM (Certified Information Security Manager), ISO 27001 LI or equivalent
• Work experience in a company that is ISO 27001 and Fedramp certified
• Strong experience with MDM, Authentication Management, Infrastructure and other information security-relevant tools
• Strong analytical, problem-solving, and decision-making skills
• Excellent communication and interpersonal skills
• Ability to manage multiple projects and priorities in a fast-paced environment

Responsibilities

• Design the information security strategy, document it, and enable the team
• Design a strategy and a road map for Storyblok’s information security management system
• Develop, implement, and maintain information security policies, guidelines, documentation, and processes
• Align security policies with Storyblok’s goals and regulatory requirements
• Manage the roll-out of information security changes and ensure policies are communicated and enforced throughout the company
• Enable and train the team on security-related topics
• Ensure that risk and vulnerability assessment activities are carried out according to the ISO 27005 Standard
• Identify any vulnerable areas within the company by actively reviewing results from risk assessments and proposing immediate mitigation steps
• Actively review reports from pentests and ensure timely resolution by the product team
• Lead the incident response process for security breaches and coordinate the process with all relevant teams
• Develop and maintain an incident response plan
• Coordinate with relevant teams to investigate and respond to security incidents
• Ensure compliance with relevant laws, regulations, and certification standards (e.g., GDPR, ISO, Fedramp, Privacy Acts)
• Prepare for and manage security audits - ISO, Fedramp - to maintain or receive certificates
• Implement corrective actions and strategies based on audit findings
• Stay updated on the latest security trends, technologies, and standard updates
• Oversee the implementation and maintenance of security technologies or tools
• Monitor our information security landscape and ensure these systems' secure configuration and management
• Design automated, scalable, and efficient information security solutions
• Collaborate with multiple internal teams to improve our information security system
• Mentor and coordinate team members who are part of our information security processes to complete projects successfully
• Support other team members with their security questionnaires and vendor process
• Promote a culture of security awareness within the organization
• Lead the communication with any external security-relevant parties

Preferred Qualifications

• Experience with Google Workspace
• Experience with security information and event management (SIEM) systems
• Knowledge of cloud security principles and practices
• Experience in incident response and digital forensics
• Understanding of secure software development practices
• Knowledge about Cybersecurity
• Good GDPR and Privacy skills
• CISSP (Certified Information Systems Security Professional)

Benefits

• Monthly remote work stipend (home internet costs, electricity)
• Home office equipment package right at the start (laptop, keyboard, monitor…)
• Home office equipment upgrade (furniture, ear plugs …) or membership to a local co-working space after your onboarding
• Sick leave benefit, parental leave and 25 days of annual leave plus your local national holidays
• Personal development fund for courses, books, conferences, and material
• VSOP (Virtual Stock Option Plan)
• The annual international team-building trip, quarterly and monthly online get-togethers
• As a fully remote company, with work-life balance at its core, you’ll enjoy flexible schedules
• An international team that loves to have fun at work and works hard together to accomplish shared goals
• Remote (home) work opportunity or funded by Storyblok co-working space