Information Security Manager

Job not on LinkedIn

September 6

Apply Now

Receive Emails with Similar Jobs

Synack, Inc.

WebsiteLinkedInAll Job Openings

Synack is the premier security testing platform harnessing a vetted community of the world’s most talented security researchers to deliver continuous penetration testing and vulnerability management. We help our customers build and augment their security testing capabilities and capacity to deliver transformational results—better than traditional pentesting methods. We are committed to reducing cybersecurity risk for our customers by bridging the cybersecurity talent gap and giving organizations on-demand access to the most trusted network of researchers in a secure way, all on one platform.

201 - 500 employees

📋 Description

• Maintain System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, and conduct Security Impact Analysis (SIA) on major system changes • Develop and maintain automated Plans of Action and Milestones (POAMs) • Contribute to the adoption and implementation of automation and use of Artificial Intelligence (AI) within Synack's Information Security operations • Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls • Communicate regularly with stakeholders on security compliance issues aligning to CIS and NIST standards, track mitigation/remediation tasks, and assist in generation of reports and metrics • Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties • Work collaboratively with Project Managers and Software Engineers to ensure appropriate information security policies, standards, procedures, and guidelines are incorporated across Synack hosted services and infrastructure, focusing on hardening and DevSecOps principles • Coordinate with field teams to respond to vendor security assessments and conduct 3rd party risk assessments of Synack vendors

🎯 Requirements

• 8+ years of experience IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider • Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools • Experience with event monitoring and alerting tools such as Datadog, Stackdriver, and Azure Sentinel • Experience with Cloud Native Application Protection Platforms (CNAPP) • Experience with leveraging security tools within the Software Development Lifecycle (SDLC) • Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST • Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences • Must be a citizen of the United States (due to federal government contract requirements)

🏖️ Benefits

• The compensation package for this position may also include equity, and benefits. • For more details about our benefits, please see https://synack.mybenefits.life. • Remote in the US (job location and flexible work arrangement).