Security And Compliance Manager


CARET

💵 $136k-$158k
📍 Remote - Canada

Summary

Join CARET's Information Security Team as a fully remote Security Manager, reporting to the SVP Cloud Engineering and Technology. This role is responsible for the success of Cyber Security & Compliance Programs, ensuring the security of CARET's business enterprises and protecting the brand. You will manage the Security and Compliance department's daily operations, collaborate with department leaders to improve security posture, and advise executives on security strategies. The ideal candidate possesses strong business acumen and extensive experience in cybersecurity across various domains. This position offers a competitive salary, comprehensive benefits, and a flexible work environment.

Requirements

  • Minimum 2+ years in a People Manager role of a Security team with demonstrable experience in growing individuals
  • Minimum 5+ years of continuous experience in Cyber Security in addition to experience in other domains such as Engineering, Operations, and/or Compliance
  • Experience in Vendor Management and in product and service comparisons, including buy-versus-build decision making
  • Certification in at least one of the following: CISA, CISM, or CISSP
  • Knowledge of NIST, CIS, ISO, OWASP and other applicable Security Industry Standards and Best Practices

Responsibilities

  • Lead the daily operations of the Security Engineering and Compliance department
  • Advise executives on the best strategies for optimizing the security of our data, systems, and business processes
  • Review and update security and privacy policies and roadmaps
  • Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications
  • Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation
  • Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure
  • Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies
  • Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks
  • Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture
  • Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture
  • Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements
  • Provide expertise and guidance on security-related matters to internal stakeholders and leadership

Preferred Qualifications

  • Deep technical knowledge of Cyber Security, DevOps, and InfraOps
  • Security Architecture principles (Defense-in-Depth, Secure by Design, Zero Trust, etc.)
  • Experience in varied environments (Azure, AWS, Private Cloud)
  • Experience in varied technologies (IaC, SDN, Firewalls, Servers, Containers, Serverless, Endpoints, Collaboration, etc.)
  • Security Program Phases (Risk Assessment, Architecture and Design, Implementation, Operations and Monitoring)
  • Strong organization and leadership skills, with the ability to facilitate technical sessions, communicate complex technical information to a non-technical audience, and mentor and coach technical staff
  • Experience with Microsoft Defender, Rapid7, CoalFire, and Trivy

Benefits

  • Flexible PTO
  • Certification(s) reimbursement
  • Summer Fridays
  • No meeting Fridays
  • Extended Medical, Dental, Paid Sick Days, Vision, Life Insurance, and Disability Leave Coverage
