Information Security Manager
Madison, Wisconsin, United States
Acquia, Inc.
Acquia provides the leading cloud platform for building, delivering, and optimizing digital experiences.
Summary
The Information Security Manager is responsible for the Information Security Management System program across the organization including frameworks, measurement, audits, and compliance with both internal policies and external certification/attestation bodies. This position identifies, evaluates, and reports on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The Information Security Manager’s role is to act as an interface between the Executive team’s strategic direction and the work of the technology-focused analysts, engineers, and administrators across the organization.
Essential Duties
- Serve as ISMS Manager driving our ISO, HIPAA, and future compliance initiatives
- Perform an Annual Risk Assessment
- Maintain Data Classification framework
- Maintain Asset Inventory framework
- Serve as primary risk evaluator for the Vendor Management Program
- Provide direction and support as needed to Widen Security Analyst(s)
- Maintain and develop security policies that prepare us for our desired growth and inherent risks
- Act as lead for privacy concerns at Widen working in coordination with the contracted Virtual Data Privacy Officer
- Investigate reported vulnerabilities, assign risk based on findings, and drive remediation as appropriate
- Maintain internal vulnerability and penetration testing frameworks
- Audit AWS infrastructure for compliance and submit remediation findings to appropriate teams
- Implement a system for log analysis and security event management
- Maintain, audit, and drive remediation for configuration and patch management solutions and deficiencies
- Develop and maintain access policies and frameworks
- Evaluate security plans to ensure the integrity of new and/or existing business operations
- Translate and design security requirements.
- In coordination with the Director of Technical Operations, present a quarterly State of Information Security report to the Executive committee
- Prioritize diversity, equity and inclusion in your everyday work to create an environment of respect
- Work closely with the Director of Technical Operations to maintain the five-year security roadmap and bring that vision to realization.
- Assist with Information Security Policy communication and security awareness to business units.
- Hold membership on the ISMS Tactical Committee and ISMS Strategic Committee.
- Protect the confidentiality, integrity, and availability (CIA) of Widen and customer information held, in any form.
- Other duties as assigned
Essential Qualifications
- At least 5 years of relevant experience
- Excellent communication and collaboration skills
- Expert knowledge of Information Security Management System frameworks and paradigms
- Expert knowledge of at least one compliance attestation or certification: ISO 27001, HIPAA, SOC2, etc.
- Ability to translate security requirements into actionable business solutions
- Ability to interface with customers directly on topics of security and compliance
- Ability to learn and adapt to new technologies quickly and become productive in their use
- Strong knowledge of software development security principles, concepts, and best practices
Preferred Qualifications
- At least 8 years of relevant experience
- SSCP or CompTIA Security+ certification
- Understanding of AWS Identity Access Management or comparable cloud security controls
Tags: Audits AWS CIA Cloud Compliance CompTIA HIPAA ISMS ISO 27001 Log analysis Pentesting Privacy Risk assessment SOC 2 SSCP Vendor management Vulnerabilities
Perks/benefits: 401(k) matching Competitive pay Equity Flex hours Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Startup environment Wellness