Information Security Manager

Reliability, latency, and security, along with being present where our customers need us, are critical to our success. Every request we process is important to everyone involved. We can’t go down because our customers’ businesses depend on us: we processed eCommerce transactions worth over $200B in 2020, and decided on billions of critical decisions. 

We utilize highly sensitive information our customers trust us with, to catch fraudsters and abusers and let consumers operate without any friction. 

Our systems run on 1000s of machines, on multiple regions (and Clouds), at a massive scale to provide the best service to the Enterprise customers we serve. 

If this kind of working environment sounds exciting to you, if you understand that Engineering is about building the most effective and elegant solution within a given set of constraints  - consider applying for this position. But hold on, you best check the position requirements first :) 

• The ISM position requires a working knowledge of information security technologies. The ISM will proactively work with various teams and departments to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of security-related risk management activities. 
• The ISM will serve as the process owner of security and compliance activities related to the availability, integrity and confidentiality of customers, business partners / vendors, employees and business information in compliance with the organization's information security policies. The ISM must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode. 

• The ISM's role will be part of the GRC & InfoSec department. The ISM must be able to translate the IT-risk requirements and business constraints into technical controls and specifications.

Stuff you’ll be doing:

• Continuously enhance the security standard of Forter solutions by  developing /  implementing open-source / third-party tools to assist in detection, prevention and analysis of security threats, manage internal and external pen testing and test security products and evaluating them
• Monitor networks and systems and the external threat environment for security risks and emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Ensure that security programs comply with audit requirements, relevant laws, regulations and security & privacy policies to minimize or eliminate risk and audit findings.
• Assessing the risks of Forter environments and planning to minimise possible threats and provide regular reporting on the current status of the information security program to the relevant stakeholders as part of the risk management program.  
• Interact with various teams and stakeholders to guide on authentication, authorization and encryption solutions.
• Provide technical answers and assist sales teams with RFPs / RFIs / RFQs and sales efforts

Stuff we need you to have:

• 5+ years working in a relevant security role 
• Knowledge of risk assessment industry best practice frameworks and methods
• Ability to communicate network security issues to peers and management
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Knowledge of and experience in developing and maintaining policies, procedures, standards and guidelines., documenting security architecture and plans (including project plans).

• Extensive knowledge of various threats and vulnerabilities (DDOS, Social engineering hacking forms, etc.)
• Knowledge of AWS and Azure security tools 
• Highly-analytical with strong attention to detail and good troubleshooting grasp
• Great verbal and written communication skills, Hebrow and English

It’d be really cool if you also:

• CISSP or CISM certified
• Have experience with common information security management frameworks, such as ISO27001 / SOC2 / PCI-DSS or similar
• Familiar with the principles of cryptography and cryptanalysis.

What it’s like to work at Forter:

We believe that head-count is a vanity metric (i.e. more doesn’t necessarily mean better), and that people matter! This is why we prefer smaller teams of talented and cohesive teams over “just give us some more working hands”. 

We believe that the metric we should optimize for is increasing the IQ and EQ of our team over time, by building an organization that will draw such people to us. We care immensely about how the team works together, and we’re not shy from hard conversations. When you try to make an impact, friction (of opinions, or business constraints) is something you need to deal with. 

We don’t have QA, we don’t have Architects (“CTO team”), we don’t have a NOC or SOC team. We look at our team as part of the system that we build, so we optimize the process and tools to fit our team. Most of our team has a generalist-mindset, but our system is vast and we have people developing expertise in areas they are passionate about. 

We are big believers in having Skin in the game as a way of setting the alignment of incentives to build things right, and picking boring technology as we respect the complexity of our system and business.

You should join to help us build a better version of Forter, rather than a smaller version of a large company. 

 If you’re up for the challenge, please submit your CV.