Information Security Manager

South Jordan, UT, United States

Applications have closed

Cricut

What is Cricut? Cricut makes smart cutting machines that work with an easy-to-use app to help you design and personalize almost anything - custom cards, unique apparel, and so much more.

Company Description

Cricut® makes smart cutting machines that work with an easy-to-use app, an ever-growing collection of materials, and crafting essentials to help you design and personalize almost anything — custom cards, unique apparel, everyday items, and so much more.

Let’s make.

Overview

We believe everyone is born creative. We’re a diverse tapestry of thinkers, dreamers, givers, DIYers, handi-workers, artisans, and forever and always architects of things.

At Cricut, we place the power of handmade into the hands of all. We give you beautiful, easy-to-master tools so you can make something unique, remarkable, perfect. We surround you with ideas, community, inspiration, and encouragement to take your creativity further than you ever imagined. And as a community, we celebrate the exhilarating act of making every single day.

So, make that handcrafted card that feels like a hug. Design a shirt for fun, for family, or for a full-blown business. Craft with a passion or for a purpose. Make something big and bold, itsy-bitsy, amazingly ambitious, or just plain silly. Whatever you make, just make your heart out. Because here’s the remarkable truth: When we all make together, we make all things possible.

Let’s make.

Job Description

Cricut is looking for a creative, hardworking, self-motivated person to join our IT team as an Information Security Manager. Cricut is growing quickly, and we are looking for someone who has demonstrated the ability to maintain and improve our comprehensive IT Security Program. We are looking for someone who is tech-savvy as well as personable. In this role, you will work alongside IT and software engineering to build and manage the programs supporting our existing compliance control activities and initiatives, and to make security and privacy an integral part of our processes and culture. You will be customer-facing and help our customers with any IT security requests. You’ll monitor security infrastructure and respond to incidents and alerts.

Responsibilities: 

  • Manage all internal and external security compliance engagement activities. 

  • You will build and manage the programs supporting our existing compliance control activities and initiatives. 

  • Work very closely with many cross-functional teams to communicate and integrate control requirements (IT, SoftDev, HR, Finance, Legal, and others).

  • Engage directly with Product Engineering through all phases of product design, implementation and ongoing maintenance of security compliance activities. 

  • Manage and communicate compliance requirements, timelines, and roadmap to supporting teams and leadership. 

  • Drive project activities to ensure requirements and schedules are met. 

  • Identify and manage risks and work with project teams to identify appropriate solutions. 

  • Manage, track and report compliance-related remediation to project teams and management. 

  • Develop metrics and reporting to demonstrate compliance status and engagement. 

  • Communicate the compliance posture and effectiveness to management on a scheduled basis. 

  • Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Compliance Engagement Program. 

  • Develop and work with supporting teams to design and implement an automated control strategy and exception reporting process. 

  • Develop a strategy to implement and maintain a centralized audit evidence repository to support all security compliance evidence gathering and maintenance activities. 

  • Integrate ongoing changes to laws, regulations, and frameworks as required into daily activities.

Qualifications

  • 7-9 years working experience within Data Security & Compliance.

  • 5 years of Data Compliance Management experience that includes managing people (direct people management).

  • BS or MS in Computer Science or related field.

  • Strong understanding of relevant security standards such as PCI-DSS, ISO 27001, SOC2, etc.

  • Expert understanding of cloud controls and environments.

  • A strong foundation in IT solutions development and deployment. 

  • Practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment (AWS). 

  • Strong analytical, diagnostic, critical thinking and project management skills.

  • Excellent problem-solving, negotiation and decision-making skills. 

  • Excellent written and oral communication skills. 

  • Strong engagement skills (internal and external).

  • Ability to represent data in graphical form. 

  • Demonstrated experience managing compliance activities as part of a company (not solely in a consulting capacity). 

  • Experience implementing a common/unified control framework. 

  • Demonstrated experience managing and working with auditors. 

  • Demonstrated experience managing and working with internal cross-functional teams and product engineering groups. 

  • Demonstrated experience communicating and reporting to senior leadership. 

  • Excellent interpersonal skills with a high degree of empathy and emotional intelligence. 

Additional Information

What to Do Next: 

Please attach your resume including links to your portfolio where applicable. If you want to show your super powers in other ways – include that information too. You can be sure that Cricut® is an employer who values individuality, equality and diversity, so tell us what you’re all about. If you are a Maker or a DIY enthusiast, whether you think you are a good one or not, we would love to hear about it when you send us your information!

At Cricut®, we celebrate inclusion and diversity. Cricut is an equal opportunity employer and makes employment decisions based on merit. Cricut prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines. Cricut participates in E-Verify.

Tags: AWS, Cloud, Compliance, Computer Science, Finance, ISO 27001, Network security, Privacy, Risk management, SOC 2, Strategy

Region: North America
Country: United States
Category: Leadership Jobs
