ENGSECM3 - Manager, Information Security Engineering and Compliance

What Makes You a Great Fit:

The Manager, Information Security Engineering and Compliance, is a critical role within an organization, responsible for overseeing and leading a team of security engineers and compliance analysts. This role ensures the protection of the company's information assets, manages application and cloud security risks, and maintains compliance with security/compliance policies and regulations.

How You'll Make an Impact:

Team Leadership & Development

• Lead, mentor, and manage a team of information security engineers and compliance analysts, providing guidance and support for their professional development.
• Foster a collaborative and high-performance team culture, encouraging innovation and continuous improvement.
• Conduct regular performance reviews, set goals, and provide feedback to team members
• Identify and address skill gaps within the team, facilitating training and development opportunities.

Security Strategy & Planning

• Develop and implement the organization's information security strategy in alignment with business objectives.
• Oversee security assurance activities, including control design evaluations, walkthroughs, and control effectiveness testing aligned with regulatory and framework requirements (e.g., ISO 27001, SOC2, TX-RAMP).
• Direct the testing of security controls, including coordination with internal audit, external assessors, and business stakeholders
• Assess and identify security risks, vulnerabilities, and threats, and develop mitigation plans.
• Collaborate with other departments to integrate security into all aspects of the business.
• Maintain and update security policies, standards, and procedures to ensure compliance with relevant regulations and industry best practices.

Security Architecture & Engineering

• Evaluate and recommend new security technologies and tools to enhance the organization's security capabilities.
• Ensure that security solutions are properly integrated and configured within the organization's infrastructure.

Let's Connect If You:

Education & Experience

• Bachelor’s degree in computer science, Information Security, or a related field. A master's degree is preferred.
• At least 10 years of experience in information security, with a minimum of 5 years in a leadership or managerial role within infoSec GRC
• Strong technical background in information security, including knowledge of security technologies, tools, and best practices.
• Experience in developing and implementing security strategies and plans.
• Advanced knowledge of CrowdStrike or similar products would be an added advantage.
• Certifications such as CISM, CRISC, CISSP, or CGEIT are preferred.
• Strong knowledge of information security and risk management frameworks (e.g., NIST, ISO, COBIT, CIS).
• Proven success in managing audit and regulatory interactions.

Skills & Competencies:

• Excellent leadership and team management skills, with the ability to motivate and develop team members.
• Strong analytical and problem-solving skills, with the ability to assess complex security risks and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels of the organization.
• Strong project management skills, with the ability to manage multiple projects and priorities simultaneously.
• In-depth knowledge of information security principles, technologies, and best practices.
• This role requires 3 days in office at our Palo Alto, CA location

Certifications

• Certifications in specific security technologies or frameworks are a plus.