CARET is hiring a
Security & Compliance Manager, Remote - United States

Security & Compliance Manager closed

🏢 CARET

💵 $150k-$160k
📍United States

Summary

The job is a remote Security Manager position at CARET Legal. The role involves managing the Cyber Security & Compliance Programs to keep the business secure while protecting the brand. The person will lead the daily operations of the Security Engineering and Compliance department, advise executives on security strategies, conduct thorough security assessments, and develop cybersecurity training programs.

Requirements

  • Minimum 2+ years in a People Manager role of a Security team with demonstrable experience in growing individuals
  • Minimum 5+ years of continuous experience in Cyber Security in addition to experience in other domains such as Engineering, Operations, and/or Compliance
  • Experience in Vendor Management and in product and service comparisons, including buy-versus-build decision making
  • Strong organization and leadership skills, with the ability to facilitate technical sessions, communicate complex technical information to a non-technical audience, and mentor and coach technical staff
  • Certification in at least one of the following: CISA, CISM, or CISSP
  • Knowledge of NIST, CIS, ISO, OWASP and other applicable Security Industry Standards and Best Practices

Responsibilities

  • Lead the daily operations of the Security Engineering and Compliance department
  • Advise executives on the best strategies for optimizing the security of our data, systems, and business processes
  • Review and update security and privacy policies and roadmaps
  • Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications
  • Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation
  • Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure
  • Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies
  • Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks
  • Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture
  • Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture
  • Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements
  • Provide expertise and guidance on security-related matters to internal stakeholders and leadership

Preferred Qualifications

  • Deep technical knowledge of Cyber Security, DevOps, and InfraOps is preferred
  • Security Architecture principles (Defense-in-Depth, Secure by Design, Zero Trust, etc.)
  • Experience in varied environments (Azure, AWS, Private Cloud)
  • Experience in varied technologies (IaC, SDN, Firewalls, Servers, Containers, Serverless, Endpoints, Collaboration, etc.)
  • Security Program Phases (Risk Assessment, Architecture and Design, Implementation, Operations and Monitoring)

Benefits

  • Flexible PTO
  • Summer Fridays
  • No meeting Fridays
  • Medical, Dental, Paid Sick Days, Vision, and Supplemental Coverage
  • Flexible Spending Account
  • Health Savings Account
  • 401(k) match
This job is filled or no longer available
