IT Security and Compliance Manager

Hyderabad, India

Applications have closed

Yext

Yext is the leading digital presence platform for multi-location brands, powering the knowledge behind every customer engagement.

The ultimate source for official answers about a business online should be the business itself. However, when consumers ask questions on company websites, too often they are left in the dark with wrong answers. Yext (NYSE: YEXT), the Search Experience Cloud, solves this problem by organizing a business's facts so it can provide official answers to consumer questions — wherever people search. Starting with the company website, then extending across search engines and voice assistants, businesses around the world, like T-Mobile, Jaguar Land Rover, BBVA USA, and Kiehl’s — as well as organizations like the U.S. State Department and World Health Organization — trust Yext to radically improve the search experience on their websites and across the entire search ecosystem.

The IT Security and Compliance Manager will be responsible for partnering with IT & Business Leadership to develop, implement, maintain, and mature a strategic, risk-based roadmap of our Information Security, Risk, & Compliance program. The goal of this roadmap is to implement appropriate practices, thereby protecting the organization and supporting our strategic objectives. This individual will work cross-functionally to develop guidelines and standards as well as educate and enable our employee base to ensure we meet our Information Security, Risk, & Compliance objectives. This position requires hands-on experience providing information security services including policy management, compliance with HIPAA, SOC 2–Type 2, and other regulatory requirements, risk management, auditing, security incident management, as well as administration and operations of information security tools and services.

What You'll Do

  • Communicate policies and procedures to stakeholders inside and outside the company.
  • Develop and direct the implementation of security standards and best practices for the organization
  • Create and access policies and oversee identity and access management
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
  • Coach and mentor staff, provide and strive for constant feedback and improvement, create annual tasks and standards for the staff, complete annual performance reviews.
  • Monitor, manage and assign security and compliance efforts
  • Manage and coordinate efforts in support of external audits and assessment activities.
  • Provide audit response and ongoing guidance on solutions to achieve and maintain security compliance, to mitigate information security risks and to correct compliance exposures and gaps.
  • Constantly update the information security strategy to leverage new technology and threat information
  • Brief senior management on status and risks, including championing the overall strategy and necessary budget
  • Maintain a current understanding of the IT threat landscape for the industry
  • Provide day-to-day operational support of various security tools and controls, such as access controls, endpoint protection, anti-virus/malware, data loss prevention, e-mail security, and security log management and monitoring tools.

What You Have

  • Bachelor's degree in Business, Technology or related field
  • 10+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross functional efforts
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
  • Information Security professional certification; e.g., CISM, CHP, CGEIT, CSCS, CISSP/HCISSP, ISSAP, or other equivalent certification is preferred.
  • Broad knowledge and hands-on experience with information security technologies and solutions such as IDS/IPS, SIEM, UTM, Firewalls, EDR, DNS protection, VPN and antivirus technologies.
  • Experience with regulatory compliance, including SOX, GDPR and HIPAA, and familiarity with well-established security standards and frameworks such as ISO 27001, NIST SP 800-53 and COBIT.
  • History running and participating in incident response procedures and table-top exercises.
  • Understands common threat vectors applicable to the corporate environment including phishing.
  • Experience with designing and running security awareness campaigns and initiatives.
  • Familiarity with network administration and visibility concepts and tools.
  • Excellent written and verbal communications skills, with demonstrated ability to present to both technical and non-technical audiences.
  • Experience with securing virtual environments and cloud-based solutions.

Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you require a reasonable accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.

Tags: Audits CISM CISSP Cloud COBIT Compliance DNS EDR Firewalls GDPR HIPAA IDS Incident response IPS ISO 27001 Malware Monitoring NIST Risk management Security strategy SIEM SOC 2 Strategy VPN Vulnerabilities

Region: Asia/Pacific
Country: India
Category: Leadership Jobs
