Manager, Information Security and Compliance

Boston, Massachusetts
Product
Full Time
ObserveIT is the world’s first people-focused cybersecurity company. We call ourselves a startup with a head start: we have 1800+ customers and are growing at over 50% y-o-y. We are also ranked the #2 best place to work in Boston by the Boston Business Journal.
 
Our insider threat monitoring and prevention solution is easy to deploy and provides customers with the ability to quickly detect risky behavior, streamline the investigation process and implement flexible prevention methods. We are proud to serve the Who's Who of the Fortune 500 as well as a growing number of mid-market firms. Our customers include Starbucks, The Coca-Cola Company, AIG, Cigna, Microsoft, and IBM, to name a few. We've grown 50% per year over the last five years and have outstanding financial and operational support from Bain Capital Ventures.
 
Summary
As Manager of Information Security and Compliance at ObserveIT, you will own the design and implementation of information security policies, standards, and procedures across our organization. You are eager to guide an organization to be security conscious by evaluating and providing security solutions for new/existing security hardware, software, and tools. You will work in tandem with the engineering team to ensure proper security tools/procedures are incorporated for our cloud/SaaS product.

Responsibilities:

    • Provide overall information security management direction to the company. Manage all due diligence for the security function and security systems. Identify risks and system needs, define solutions and appropriate standards, establish and maintain security policies and procedures.
    • Maintain ownership of the development, compliance and exceptions to information security policies, standards, and procedures.
    • Participate in the development and implementation of goals, objectives, policies, and priorities for the IT department; recommend and implement policies and procedures.
    • Manage relationships with third-party providers of service delivery and security monitoring and/or tools to ensure assets are being protected.
    • Perform risk analysis and provide functional and technical expertise as it relates to information security for both current and future customers.
    • Ensure security best practices are identified and integrated into all facets of the enterprise including network, software development, system designs/configuration, and implementations.
    • Facilitate internal and external penetration testing and audit participation.
    • Lead the identification, response, investigation, and remediation of potential breaches of and issues surrounding information security.
    • Execute programs for user awareness, compliance monitoring, and security compliance.

Required Experience:

    • At least 7 years of professional work experience in an information-security-related role.
    • Proven success spearheading, designing and implementing company-wide security programs; experience defining and identifying proper security policies, procedures, and tools to put in place. 
    • Experience defining and executing proper security tools and standards as they relate to the development of cloud/SaaS offerings and products.
    • Deep understanding of information security and privacy compliance frameworks such as SOC, PCI, and/or Privacy Shield and GDPR.
    • BS in Computer Science, Information Technology, Security, or related.
    • CISSP, CISM or similar industry-related certifications preferred. 
Job Type: Full-time
 
Fairness Matters: We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.