Manager, Information Security

8+ years of experience in IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider. Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools. Experience with event monitoring and alerting tools such as Datadog, Stackdriver, and Azure Sentinel. Experience with Cloud Native Application Protection Platforms (CNAPP). Experience with leveraging security tools within the Software Development Lifecycle (SDLC). Working knowledge of security regulations, standards, and frameworks, including ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST.

Maintain System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, and conduct Security Impact Analysis (SIA). Develop and maintain automated Plans of Action and Milestones (POAMs). Contribute to the adoption and implementation of automation and AI within Information Security operations. Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls. Communicate security compliance issues to stakeholders, track mitigation tasks, and assist in report generation. Manage and track remediation of identified risks and vulnerabilities. Ensure information security policies are incorporated across hosted services and infrastructure, focusing on hardening and DevSecOps principles. Coordinate with field teams to respond to vendor security assessments and conduct 3rd party risk assessments.