Security And Compliance Manager

Summary

Join CARET's fully remote Security Manager team and lead the Information Security Team! This role reports to the SVP Cloud Engineering and Technology and is responsible for the success of Cyber Security & Compliance Programs. You will manage daily operations, advise executives on security strategies, and collaborate with cross-functional teams. The ideal candidate possesses strong business acumen and extensive experience in Cyber Security across various domains. This position offers a competitive salary, comprehensive benefits, and the opportunity to make a significant impact on a rapidly growing company.

Requirements

• Minimum 2+ years in a People Manager role of a Security team with demonstrable experience in growing individuals
• Minimum 5+ years of continuous experience in Cyber Security in addition to experience in other domains such as Engineering, Operations, and/or Compliance
• Experience in Vendor Management and product and service comparisons to include decision making of buy versus build
• Certification in at least one of the following CISA, CISM, or CISSP
• Knowledge of NIST, CIS, ISO, OWASP and other applicable Security Industry Standards and Best Practices

Responsibilities

• Lead the daily operations of the Security Engineering and Compliance department
• Advise executives on the best strategies for optimizing the security of our data, systems, and business processes
• Review and update security and privacy policies and roadmaps
• Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications
• Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation
• Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure
• Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies
• Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks
• Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture
• Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture
• Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements
• Provide expertise and guidance on security-related matters to internal stakeholders and leadership

Preferred Qualifications

• Deep technical knowledge of Cyber Security, DevOps, and InfraOps
• Security Architecture principles (Defense-in-Depth, Secure by Design, Zero Trust, etc.)
• Experience in varied environments (Azure, AWS, Private Cloud
• Experience in varied technologies (IaC, SDN, Firewalls, Servers, Containers, Serverless, Endpoints, Collaboration, etc.)
• Security Program Phases (Risk Assessment, Architecture and Design, Implementation, Operations and Monitoring)
• Strong organization and leadership skills with the ability to facilitate technical sessions and capable of communicating complex technical information to a non-technical audience and mentor and coach technical staff
• Experience with Microsoft Defender, Rapid7, CoalFire, and Trivy

Benefits

• Flexible PTO
• Summer Fridays
• No meeting Fridays
• Medical, Dental, Paid Sick Days, Vision, and Supplemental Coverage
• Flexible Spending Account
• Health Savings Account
• 401(k) match