Skilljar is looking for a Manager of Information Security and Compliance. You will work cross-functionally across the entire Skilljar organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles. We will rely on your wide-ranging experience in this role as you perform a large variety of tasks - from strategy through implementation. You must be comfortable talking with customers, coordinating audits, and implementing internal policies and procedures across a fast-growing software company. Prior management experience is required, as you grow a team focused on security and IT operations and compliance.
Responsibilities
- Own strategy and vision around IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining all security policies and procedures for a growth stage SaaS company
- Collaborate and communicate effectively with product and engineering teams to ensure application security is championed throughout our processes, including regular vulnerability scans and 3rd party penetration testing
- Drive business results by representing Skilljar security in prospect & customer conversations
- Respond to customer & prospect security assessments / questionnaires
- Participate in security review calls w/ customers & prospects
- Manage SOC2 audit process and assess other certifications (e.g. ISO 27001) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy.
- Own the partnership with external auditors and legal
- Review and update existing controls to best balance agile startup environment and meet the security requirements of our customers
- Coordinate audit processes
- Cross functional collaboration with HR and Finance for a successful audit
- Develop and conduct annual information security awareness training for employees
- Work with HR to ensure security on Skilljar employee computer systems
- Work with Executive Leadership to strategize and recommend changes and updates to company-wide processes and policies relating to security.
- Ensure Skilljar’s continued compliance with existing privacy standards, including GDPR and CCPA.
- Own and develop other miscellaneous infosec policies and programs outside of compliance
Requirements
- 5-7 years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
- High-growth startup experience is required, enterprise SaaS experience preferred
- Experience leading SOC2 audits and managing external service providers
- Experience reviewing potential corporate vendors with regards to security and compliance with privacy laws (GDPR, CCPA, etc) and conducting audits of existing vendors.
- Able to communicate security risks in business terms that can be clearly understood at all levels of the organization
- Deep familiarity with distributed web applications and the security processes and procedures of agile engineering teams
- Experience managing and configuring web applications hosted on AWS
- Experience with macOS, MDM and endpoint management solutions like Jamf
- Security configuration and management of corporate productivity software including Google’s GSuite, Slack, SFDC
- Bachelor’s degree in Computer Science or related field
- CISSP certification preferred
- US work authorization and criminal background check are required
Our Benefits
- Comprehensive Medical Coverage: Skilljar pays 100% of our employee premiums for medical, dental, vision, disability, and life insurance. (PTO and family leave)
- Flexible Time Off: We believe in a healthy work/life balance and trust our employees to take the time off they need to bring their A-game to work.
- Benefits Package: Skilljar employees receive a monthly technology reimbursement for remote work, 401K savings plan, stock options, and access to an Employee Assistance Program.
- Inclusive Culture: We are intentional about creating a culture that is fun and inclusive. Join us for Fun Committee events, trivia nights, Bingo, and more!