Dynamic Signal is the leading Employee Communication and Engagement Platform, committed to creating a connected, inclusive, and engaged workforce where people feel valued and empowered to be their best. From factory workers and field employees to knowledge workers in any time zone, hundreds of companies across every industry use Dynamic Signal’s web, desktop, and mobile applications to build aligned, productive, and actively engaged communities and employee advocates.
We are looking for a candidate who has the expertise to manage security risk and help mature our risk management program into an industry-leading practice. As our Information Security Manager, you will lead the security compliance programs for Dynamic Signal, oversee information technology risks, and perform security assessments to ensure that the protection of our company’s technology assets follows regulatory compliance requirements and industry-standard security frameworks.
You will also work with external auditors and internal stakeholders to establish our security controls to maintain our SOC2 type II certification. INFOSEC Risk Management is growing in importance as we transmit and store an increasing amount of sensitive information and adapt to new technologies. Implementing a robust risk management practice is imperative to protect the information and technology of our customers, who entrust their information to DySi.
- Manage Dynamic Signal’s security policies, procedures, and controls, and deliver on customer assessments, questionnaires, & RFIs in support of our internal sales, legal, and product teams.
- Implement and execute the security strategy to ensure we’re meeting our customers’ expectations and in compliance with all applicable laws and regulatory requirements.
- Drive ongoing security risk management initiatives to ensure adherence across our fast-growing organization.
- Define both short and long-term goals and roadmaps for security risk management to meet DySi’s goals and objectives.
- Develop efficient and effective tactical response procedures for security incidents and security risk management practices that meet the needs of multiple business, regulatory, and security stakeholders, and work with those teams to drive successful implementation.
- Leverage automation to monitor & audit compliance with security risk management requirements.
- Share knowledge and enable a high-performing team of security risk management professionals.
- Work with cross-functional teams to deliver excellence in security compliance.
- Lead Dynamic Signal’s SOC2 compliance initiatives and manage our annual SOC2 compliance projects.
- Manage and coordinate response teams during security incidents (phishing, DDOS, malware, etc.) through resolution and lessons learned.
- Make improvements to the overall internal security posture and processes to enable standardized responses to all customer security questions.
- Review alerts and data from systems and respond accordingly, including documentation and escalation.
- Recommend and implement mitigating actions to contain incident-related activity.
- Participate in product selection, vendor evaluations, and implementation of security technologies.
- Lead the design, implementation, and maintenance of security plan, policies, procedures, and standards.
- Perform controls testing, document results, and provide detailed updates to leadership.
- Dimension risk and create remediations for technical solutions to enable a consistent level of security across DySi, and perform gap assessments against those requirements.
- Minimum of 3+ years’ experience managing security risk and security-related technologies; 2+ years’ experience with security control assessment is highly preferred.
- One or more of the following certifications is preferred: CISM, CISA, CISSP, CEH.
- Extensive knowledge and understanding of information security frameworks such as SOC2 type II and overall best practices for information security is required.
- Experience with driving the vision, priorities and plans for security programs.
- Must be able to clearly communicate security concepts to a diverse audience including technical and non-technical employees, external auditors, outside consultants, legal counsel, and customers.
- Functional knowledge of common security legal and regulatory requirements and ability to identify actionable and scalable solutions to gaps identified.
- Prior experience working at an enterprise SaaS company with completion of several SOC2 engagements is preferred.