We are looking for Information Security Manager to join our team!

The InfoSec Manager is a hands-on leadership role responsible for building and maintaining a mature security program. You will partner with teams across the company to enhance the security posture and reduce the overall risk profile of the organization, and to ensure that security is embedded into business and R&D processes. 

This position is full-time and based in Newark, CA.

How You’ll Contribute

• Lead the development, enhancement and execution of a comprehensive information security program for the company.
• Define and implement security policies, controls, and procedures.
• Drive the evaluation and implementation of security tools and projects in collaboration with IT engineering and operations teams.
• Monitor for emerging security threats, provide analysis, and continuously align roadmap with the business to mitigate security risks.
• Conduct periodic security audit and penetration testing.
• Ensure that data is processed and stored in accordance with applicable laws and regulations.
• Lead and coordinate incident response, analysis, remediation, and reporting.
• Manage security services providers.
• Develop awareness programs and provide information security training to employees.
• Available for off-hour emergency escalations.

Qualifications, Skills, Knowledge & Abilities

• Bachelor’s degree in computer or information science or a related discipline.
• 7 years of technical hands-on experience in Information Security.
• Solid understanding of security frameworks, such as NIST Cybersecurity Framework, COBIT, and CIS Controls.
• Experience in Security Information and Event Management (SIEM), vulnerability management, endpoint security, email security, and encryption solutions.
• Experience in securing cloud environments, including AWS and GCP.
• Experience with securing Office 365 environments, Windows, Mac OS, and Linux.
• Strong background in data privacy and Data Loss Prevention (DLP).
• Comprehensive knowledge of network protocols, firewalls, and VPN.
• Experience with risk management methodologies, threat modeling, and vulnerability assessment.
• Experience with application and software security.
• Experience with event and incident response.
• Strong project management skills with experience managing complex projects with multiple stakeholders.
• CISSP or other industry-recognized security certification preferred.
• Experience with regulatory compliance and NIST/ISO standards, such as HIPAA, GDPR, and ISO 27001.
• Experience with production security, secure coding practices, and secure SDLC desired.
• Excellent written and verbal communication skills, including the ability to concisely explain technical concepts to business leaders.