YipitData is hiring a
Security Program Manager, Remote - United States

Summary

The Security Program Manager will coordinate and advance the company's security initiatives in alignment with the NIST Cybersecurity Framework (NIST CSF). This role involves collaboration with various departments to embed security and risk management best practices across the company. The position is remote-friendly and requires 1-3 years of experience in a security program analyst or GRC-related role, knowledge of GRC principles, strong project management skills, and proficiency in coordinating risk management activities and compliance tasks.

Requirements

• Have 1-3 years of experience in a security program analyst or GRC-related role
• Demonstrated experience in mapping and tracking security program activities to frameworks like NIST CSF and SOC 2
• Knowledge of GRC principles and their application within a security program
• Strong project management skills, with a track record of achieving project milestones and deadlines
• Proficient in coordinating risk management activities and compliance tasks
• Effective communicator with an ability to articulate complex security concepts to diverse audiences

Responsibilities

• Oversee the planning and execution of security initiatives, ensuring alignment with the NIST CSF and organizational security goals
• Map security activities and tasks to the NIST CSF domains: Identify, Protect, Detect, Respond, and Recover, ensuring comprehensive coverage and continuous improvement
• Conduct regular reviews and updates of security processes (access reviews, compliance with standards and frameworks, evidence collection) to align with the evolving guidelines of the NIST CSF, SOC 2, and other relevant GRC requirements
• Work across the company to embed GRC considerations into project management and operational processes, enhancing the company’s resilience to cyber threats
• Drive risk assessment initiatives across teams, correlating them with NIST CSF and the company’s risk management strategy
• Facilitate and manage compliance with regulatory requirements, ensuring projects adhere to relevant laws, standards, and best practices
• Document and maintain records of security-related decisions, actions, and outcomes to support auditing and compliance verification efforts
• Collaborate with auditors and across the company in order to ensure efforts are aligned with SOC preparedness. This will include preparing evidence, working with teams to remediate any issues, and serving as a go between for these efforts
• Organize and deliver security awareness training programs to foster a culture of security mindfulness
• Liaise with vendors and third parties to ensure security requirements are met and risks are managed
• Continuously monitor the security landscape to address new and emerging threats
• Communicate the status, risks, and achievements of the security program to stakeholders, using NIST CSF as a benchmark for program maturity

Preferred Qualifications

• Maintain relevant certifications such as PMP, CISSP, CISM, or specific to NIST (e.g., NIST Cybersecurity Professional) are highly valued, but not required for this position
• Experience with operation and managing security programs that are compliant with SOC2, ISO27001, NIST CSF,  NIST 800-53, etc is highly desired
• Have a Bachelor's degree in Business, Information Management Systems, Information Technology, Cybersecurity, Computer Science, or a related field

Benefits

Flexible work hours, flexible vacation, a generous 401K match, parental leave, team events, wellness budget, learning reimbursement, and more!