Skilljar is looking for a Manager of Information Security and Compliance. You will work cross-functionality across the entire Skilljar organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles. We will rely on your wide-ranging experience in this role as you perform a large variety of tasks - from strategy through implementation. You must be comfortable talking with customers, coordinating audits, and implementing internal policies and procedures across a fast-growing software company. Prior management experience is required, as you grow a team focused on security and IT operations and compliance.
- Own strategy and vision around IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining all security policies and procedures for a growth stage SaaS company
- Collaborate and communicate effectively with product and engineering teams to ensure application security is championed throughout our processes, including regular vulnerability scans and 3rd party penetration testing
- Drive business results by representing Skilljar security in prospect & customer conversations
- Respond to customer & prospect security assessments / questionnaires
- Participate in security review calls w/ customers & prospects
- Manage SOC2 audit process and assess other certifications (e.g. ISO 27001) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy.
- Own the partnership with external auditors and legal
Review and update existing controls to best balance agile startup environment and meet the security requirements of our customers
- Coordinate audit processes
- Cross functional collaboration with HR and Finance for a successful audit
- Develop and Conduct annual information security awareness training for employees
- Work with HR to ensure security on Skilljar employee computer systems
- Work with Executive Leadership to strategize and recommend changes and updates to company-wide processes and policies relating to security.
- Ensure Skilljar’s continued compliance with existing privacy standards, including GDPR and CCPA.
- Own and develop other miscellaneous infosec policies and programs outside of compliance
- 5-7 years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
- High-growth startup experience is required, enterprise SaaS experience preferred
- Experience leading SOC2 audits and managing external service providers
- Experience reviewing potential corporate vendors with regards to security and compliance with privacy laws (GDPR, CCPA, etc) and conducting audits of existing vendors.
- Able to communicate security risks in business terms that can be clearly understood at all levels of the organization
- Deep familiarity with with distributed web applications, and security processes and procedures of agile engineering teams
- Experience managing and configuring web applications hosted on AWS
- Experience with MacOS, MDM and endpoint management solutions like Jamf
- Security configuration and management of corporate productivity software including Google’s GSuite, Slack, SFDC
- Bachelor’s degree in Computer Science or related field
- CISSP certification preferred
- US work authorization and criminal background check are required
- Comprehensive Medical Coverage: Skilljar pays 100% of our employee premiums for medical, dental, vision, disability, and life insurance. (PTO and family leave)
- Flexible Time Off: We believe in a healthy work/life balance and trust our employees to take the time off they need to bring their A-game to work.
- Benefits Package: Skilljar employees receive a monthly technology reimbursement for remote work, 401K savings plan, stock options, and access to an Employee Assistance Program.
- Inclusive Culture: We are intentional about creating a culture that is fun and inclusive. Join us for Fun Committee events, trivia nights, Bingo, and more!