Manager of Information Security and Compliance

Arlington, Virginia, United States (Remote) | North America | May 1, 2024

Company Background

ThreatConnect, Inc. provides cybersecurity software that reduces complexity for everyone, makes decision-making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk. Designed by analysts but built for the entire team (security leadership, risk, security operations, threat intelligence, and incident response), ThreatConnect’s decision and operational support platform is the only solution available today with cyber risk quantification, intelligence, automation, analytics, and workflows in one. To learn more, please visit www.threatconnect.com.

We offer a competitive benefits package with comprehensive insurance coverage, unlimited paid time off, and unique perks designed to help you meet your financial and personal goals.

We are committed to offering an employment experience and benefits package that enables you and your family to grow with us and to share in our success. We love to recognize our employees who have gone above and beyond, and offer incentives like quarterly awards, an employee bonus and referral program, and team-building outings.

Job Description

The Manager of InfoSec and Compliance is responsible for supporting ThreatConnect’s compliance program with respect to customers, auditors, vendors, and regulatory requirements. The program’s aim is to demonstrate compliance with the customer security and privacy agreements, North American and European laws and regulations, and industry best practices.

About You

You think of the customer first. This is a customer-facing role that sets you as the customer advocate. You enjoy interfacing with customers and driving value.

You are collaborative. You're a team player who puts the interest of the team above your own. You display a positive attitude, are open-minded, and enjoy contributing.

You are a great leader. You have no problem taking the lead to make decisions. You are a mentor and guide who supports your team.

You are a great communicator. You get your message across clearly to all the necessary teams and individuals within your team.

In this role, you'll get to...

  • Maintain and further enhance ThreatConnect’s information security program including relevant policies and procedures
  • Collaborate with various business units to ensure compliance with the information security policies
  • Ensure customer contracts and security and privacy requirements align with ThreatConnect capabilities by redlining customer agreements
  • Negotiate information security commitments with customers ensuring their suitability for both parties
  • Oversee all aspects of the ISO 27001:2013 and SOC 2 Type 2 programs including continuous compliance, monitoring, and internal and external audits
  • Maintain customer confidence and relationships by ensuring timely and accurate responses to customer security questions and assessments
  • Manage vendor/third-party risk assessment program to ensure compliance with ThreatConnect vendor standards
  • Oversee company-wide information security training and awareness programs
  • Perform continuous business risk assessment for current and emerging risks, develop and implement mitigation plans
  • Provide guidance on the overall security architecture for the organization and ThreatConnect SaaS networks
  • Oversee all aspects of the corporate IT supporting ThreatConnect staff and provide guidance for their continuous improvement

1-3-6-12 Month Plan

On day one, we’ll expect you to…

  • Provide expert-level guidance related to enterprise information security standards and best practices
  • Review customer security and privacy requirements and help formulate a response
  • Provide expert-level commentary on ISO 27001, SOC 2 standards

At 3 months, we’ll expect you to…

  • Have a good understanding of ThreatConnect’s compliance posture and any gaps
  • Take complete ownership of the compliance programs, security engineering, and enterprise IT, their day-to-day operations, and audits
  • Take complete ownership of responding to customer assessments and questions related to information security and privacy compliance

At 6 months, we’ll expect you to...

  • Be able to confidently communicate information security practices and standards
  • Develop operating procedures such as incident response, disaster recovery, and vulnerability management procedures
  • Participate in 24x7 on-call rotation for security-related events

At 12 months, we’ll expect you to...

  • Be a key InfoSec Compliance Manager accountable for security compliance
  • Interface with internal and external auditors for compliance audits
  • Be key in the InfoSec program strategic planning and development of short- and long-term goals

About the Team

  • This role will be managing a team of four
  • You will be working with the other IT and DevOps engineers, Sales, Customer Support, and more
  • Most of the team works remotely and collaborates heavily using Slack and Google Meet working sessions

Requirements

Required Qualifications

  • Bachelor's degree, preferably in an information technology-related field
  • 7+ years of experience in IT, security engineering, and compliance audits
  • 2+ years of experience managing engineers and small teams
  • Strong experience managing ISO 27001:2013 and/or SOC 2 Type 2 programs including external audits
  • Sound business acumen required
  • Demonstrated security assessment, risk analysis, gap analysis, auditing, corrective action planning, and compliance assessment experience
  • Excellent negotiating skills and ability to identify solutions to auditor and customer concerns on the spot
  • Expert-level understanding of information security concepts, security operations, and related technologies

Desired Qualifications

  • SaaS and public cloud/IaaS security experience
  • Experience with GDPR, US, and Canadian privacy standards
  • Auditor certification

Benefits

Work-Life Balance:

  • Unlimited Paid Time Off (PTO)
  • Employee recognition program with quarterly awards
  • Employee referral program
  • Military leave options available
  • Education reimbursement program for job-related college courses and professional training
  • Quarterly events with your geographic team
  • Annual company party
  • Summer Fridays
  • Rest and recharge days

Medical:

  • Medical premiums for individuals and families are 100% covered
  • Prescription drug coverage
  • Dental coverage
  • Vision coverage
  • Company-paid short term and long term disability
  • Company-paid insurance and AD&D coverage
  • Pet Insurance

Financial:

  • 401K retirement savings plan with company matching program up to 6%
  • Health Savings Account
  • Flexible Spending Accounts (medical, dependent care, transit and parking)
  • Cell phone stipend
  • Paid Parental Leave
  • Paid Bereavement Leave

Research shows that while men apply to jobs when they meet about 60% of job criteria, women and individuals from marginalized groups tend to apply only when they check every box. If you think you have what it takes but you’re not sure that you check every box, apply anyway!
