Information Security Manager/Senior Manager

Summary

Join Polly's Information Security team as a leader, securing and growing a world-class mortgage technology ecosystem. You'll leverage your 5+ years of experience in enterprise information security and cloud technology to develop and oversee all information security operations. This unique opportunity allows you to shape Polly's security culture, leading security strategy and cross-functional teams. You'll perform SOC2 compliance, penetration tests, and BCP/DR scenarios, conduct security reviews, and evolve Polly's threat monitoring capabilities. The role requires expert-level skills in areas like access management and vulnerability scanning, along with strong communication and risk management abilities. Polly offers competitive salaries, comprehensive insurance, unlimited PTO, and a remote work environment.

Requirements

• 5+ years of enterprise information security or relevant technology experience, including with cloud technologies; B2B and SAAS preferred
• Ability to communicate information security requirements to non-technical security stakeholders
• Deep understanding of risk management principles and strong understanding of incident management and security operations
• Expert-level experience in at least some of the following areas: access management in a cloud computing environment, vulnerability scanning, third-party risk assessment, SIEM management, business continuity or disaster recovery
• Familiarity of regulatory requirements such as GLBA and CCPA and frameworks such as NIST and ISO 27002

Responsibilities

• Perform annual SOC2 compliance, penetration tests, and BCP/DR scenarios
• Own, develop, implement, and report to the Board of Directors on the short and long term security strategy and goals in alignment with Polly’s business objectives and culture
• Conduct in-depth security reviews and risk assessments of core corporate and production infrastructure to identify gaps, come up with recommendations, and implement proposed solutions
• Evolve Polly’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents
• Respond to security audits and security assessment requests
• Maintain awareness of current and emerging threats, specifically those within the financial services sector, to ensure cloud environments are properly secured, monitored and documented
• Oversee management of information security tools, contracts, documentation, policies and processes to ensure an operating environment that is sound, sustainable and compliant with company policies and requirements
• Assess and identify security controls for sensitive and regulated data, and refine and oversee Polly’s compliance programs aligned with SOC2
• Resolve security resource requirements including budget, staff, training needs and prioritization
• Ensure the appropriate development and delivery of end user security awareness training, effective reporting, as well as performance metrics; executes on security metric reporting to ensure business and senior leadership have a proper view of current security state and risks
• Define requirements and lead on evaluating and analyzing existing and new technology, platforms and applications to anticipate potential security gaps and concerns
• Own all documentation, process, and training surrounding Polly’s business continuity and disaster recovery abilities

Benefits

• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance
• Unlimited PTO
• Remote environment