Security & Compliance Manager
Caret
San Diego, california
Job Details
Full-time
Full Job Description
CARET brings the latest in technology and automation to over 10,000 legal and accounting firms, empowering highly skilled professionals to refocus their expertise on what truly matters. CARET harnesses powerful and secure practice management, document automation, and payment processing to take firms, professionals, and their clients further.
Our team-defined values guide how we show up for each other, for our partners, and for our customers:
- We succeed together.
- We embrace progress.
- We care big.
- We create space.
Security Manager
The Security Manager is a fully remote position over the Information Security Team at C^RET Legal, reporting to the SVP Cloud Engineering and Technology. This position owns the success of the Cyber Security & Compliance Programs that keep C^RET’s business enterprises secure while protecting the C^RET brand with our loyal customer base. The person manages and participates with the team for all aspects related to the day-to-day operations of the Security and Compliance Dept. With the SVP they will own, create, and deliver department goals that encompass the “defense in depth” and “zero trust” services that support our customers. The manager will work directly with department leaders to continually improve C^RET’s Security posture while striking a balance between business needs, risk, and security requirements.
Job Description:
The Cyber Security Manager should have a strong and demonstrated business sense and experience in Cyber Security across Cloud Security (CloudSec), Vulnerability Management & Response (VMR), and Governance Risk Compliance (GRC) in SOC2, PCI-DSS, GDPR, & ISO 27001. Your experience should be supported by extensive and diverse experience in leading high-profile technical programs and projects. Your capability to review and advise on Security matters should span into the domain knowledge of Systems and Cloud Engineering, Network Operations, and Application Development.
Responsibilities
- Lead the daily operations of the Security Engineering and Compliance department
- Advise executives on the best strategies for optimizing the security of our data, systems, and business processes
- Review and update security and privacy policies and roadmaps
- Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications.
- Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation.
- Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure.
- Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies.
- Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks.
- Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture.
- Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture.
- Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements.
- Provide expertise and guidance on security-related matters to internal stakeholders and leadership.
Requirements
- Minimum 2+ years in a People Manager role of a Security team with demonstrable experience in growing individuals
- Minimum 5+ years of continuous experience in Cyber Security in addition to experience in other domains such as Engineering, Operations, and/or Compliance
- Experience in Vendor Management and product and service comparisons to include decision making of buy versus build
- Deep technical knowledge of Cyber Security, DevOps, and InfraOps is preferred
- Security Architecture principles (Defense-in-Depth, Secure by Design, Zero Trust, etc.)
- Experience in varied environments (Azure, AWS, Private Cloud
- Experience in varied technologies (IaC, SDN, Firewalls, Servers, Containers, Serverless, Endpoints, Collaboration, etc.)
- Security Program Phases (Risk Assessment, Architecture and Design, Implementation, Operations and Monitoring)
- Strong organization and leadership skills with the ability to facilitate technical sessions and capable of communicating complex technical information to a non-technical audience and mentor and coach technical staff
- Certification in at least one of the following CISA, CISM, or CISSP
- Knowledge of NIST, CIS, ISO, OWASP and other applicable Security Industry Standards and Best Practices
- Experience with Microsoft Defender, Rapid7, CoalFire, and Trivy are positives
Benefits
- Flexible PTO
- Summer Fridays
- No meeting Fridays
- Medical, Dental, Paid Sick Days, Vision, and Supplemental Coverage
- Flexible Spending Account
- Health Savings Account
- 401(k) match
If you are not sure that every qualification on the list above describes you exactly, we'd still love to hear from you! We value people with unique backgrounds, experiences, and skillsets. If you’re passionate about having a significant impact and shaping the foundations of a rapidly growing product, please apply!
Equal Employment Opportunity: CARET is an Equal Opportunity, Affirmative Action Employer.
Pay range: $150,000- $160,000. Actual base pay will depend on varying circumstances, including the position, location, individual qualifications, market finances, and other operations business needs.
Depending on the position, compensation may also include commission, bonuses, etc. Potential for bonuses is based on company performance and potential for merit increases is based on performance.