Information Security Manager

Remote (US or Canada)

1Password

Posted 2 weeks ago

60,000 businesses and millions of people use 1Password to protect their most important information. We’re a kind, curious, and customer-focused team on a mission to build the world's most-loved password manager and give people more control over their data.
1Password has a long-standing commitment to customer privacy and security, and the Security Team is responsible for upholding this commitment. We are a passionate team that really cares about protecting our customers, and we’re looking for someone who shares this passion.
As the Information Security Manager with a focus on Privacy Governance, Risk, and Compliance, you’ll be working with teams across the company to help us to continue to raise the bar for security. This includes leading compliance and privacy, security relations, and training initiatives, providing leadership to IT and DevOps, and working closely with security engineering and other teams.

What we're looking for:

  • 10+ years of relevant work experience, including 3+ years in a management or team lead role.
  • Experience in a highly distributed or remote work environment.
  • Experience leading security and/or IT teams.
  • Experience overseeing SOC2, ISO 27001, or other similar audits.
  • Experience overseeing GDPR, CCPA and other related regulatory compliance programs.
  • Ability to work with representatives from all parts of the business, of all levels and across multiple time zones.
  • Ability to serve as a subject matter expert when working with various teams.
  • Ability to participate in incident response activities, including detection and response.
  • Ability to lead internal risk assessments, and develop and implement remediation and improvement plans.
  • Ability to develop and report on KPIs, and identify opportunities for improvement.

Bonus points for:

  • Experience developing and implementing a FedRAMP compliance program.

What you'll be doing:

  • Manage various efforts in the Security Team, including compliance and privacy (audits such as SOC2, policy development & maintenance, GDPR compliance, etc.).
  • Security relations – communications such as blog & support articles, working with marketing to ensure accuracy of materials, maintaining internal documentation, providing a liaison to different company departments.
  • Facilitate training – developing and implementing internal training programs.
  • Working with development teams and security engineering to ensure the privacy of users.
  • Providing oversight to the DevOps and IT teams to ensure that we are following security policies and best practices throughout everything we do.
  • Review and manage requests for policy exceptions, and manage escalations.
  • Ensuring that policies, procedures, and practices align with relevant laws, regulatory requirements, and organizational goals such as putting protection of user data first.
  • Assist in planning future directions and initiatives for the security department.
Job tags: Audits DevOps FedRAMP GDPR Incident response ISO 27001