Security Operations Manager (in person or remote)

About HowGoodHowGood is an independent research company with the world's largest database on product sustainability. With more than 33,000 ingredients, chemicals, and materials assessed, HowGood SaaS and impact data offerings help leading brands, retailers and investors improve their environmental and social impact. Through in-depth, ingredient-level insights into factors ranging from greenhouse gas emissions to animal welfare to labor risk, HowGood data powers strategic decision-making for the sourcing, manufacturing, merchandising, and marketing of sustainable products.Security and compliance at HowGood requires the ability to simultaneously navigate a highly protected landscape of customer held trade-secret data, in addition to publicly available data for which we surface conclusions to our customers; all the while supporting specific initiatives from teams and departments that span a diverse range of stakeholders. Reporting into Operations, the Security Operations Manager will set the company-wide tone regarding how customer data is used, processed, maintained and protected alongside HowGood’s own insights.The Security Operations Manager will be a key contributor on the Operations team and provides expert knowledge of security regulation, compliance, and best practices to operationalize our product’s Security program. The role will contribute expert knowledge of security concepts and best practices and apply them to our unique offering, working cross-functionally with interdisciplinary teams to drive execution of security-by-design across the company. This position requires rigor and attention to detail, as well as a knack for partnering cross-functionally across teams in a fast-paced environment. The Security Operations Manager will ensure that the following are in place: appropriate security controls, processes, and considerations within our development environment, specifically with regards to HowGood’s network security, application security, data protection and cloud security, as well as vulnerability management.

Responsibilites:

• Implement and maintain company-wide Security Assessment Portal (SafeBase) as the central repository of policies, compliance and certification levels.
• Coordinate across teams (Product, HR, Operations) to identify any practice gaps and successfully lead the company through its first SOC2 audit process
• Assist Sales team in completion of incoming Security Assessments from potential customers, streamlining the process to ensure a quick turnaround to enable new contract signing.
• Lead and manage security projects and initiatives, working cross-functionally with internal teams to implement security controls and safeguards in releases, features, workflows and internal processes supporting our B2B SaaS product.
• Improving, maintaining, and testing key processes such as business continuity planning, incident response, and vendor risk management.
• Be a respected partner to the Product and Engineering Teams, ensuring that security risks are identified, thought about, remediated, mitigated, and documented appropriately.
• Provide security subject matter expertise to internal and external stakeholders, working collaboratively across the company to support business goals and objectives.
• Identify, mitigate, track, and report identified security risks, managing the security operations process, escalating as appropriate.
• Develop and track security metrics to identify trends, areas of focus, as well as measures of success.

Requirements:

• 5-7 years of information security, cybersecurity, or security product management experience (preferably in a B2B SaaS environment)
• Bachelor’s degree OR relevant technical experience in security required. Advanced degree a plus but not required.
• Experience conducting risk analysis, identifying security vulnerabilities, coordinating pen testing, threat modeling, and performing security reviews and assessments.
• Familiarity with data protection and security compliance frameworks and controls, as well as risk assessment best practices.
• Experience implementing and maintaining MDM (e.g. Jamf), antivirus, and network security best practices
• Security certifications (CISM, CISSP, CISA, HCISPP, etc.) are a strong plus but not required.

Why work at HowGood?

• Competitive compensation packages, with health benefits, 401k & generous leave policies
• Office in Upstate New York (Stone Ridge), but remote work is fine
• Flexible, relaxed but fast moving environment

HowGood has the world’s largest sustainability database and has recently completed the build for a new data model that allows for unprecedented flexibility in building metrics that help decision makers the world over understand the impact of their choices. Whether we are supporting NGO’s, business leads, product developers or individual shoppers, we help people understand the impact of their choices. Our model allows us to build metrics for measuring the impact of externalized costs faster and better than ever before.Applicants for this role should be excited to participate in creating new understandings, supporting better decision making and helping to change the world.Please submit a resume and cover letter. HowGood is an Equal Opportunity Employer. We seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical​​​ condition, pregnancy, genetic information, gender, sexual orientation, gender identity or ​expression, veteran status, or any other status protected under federal, state, or local law.