Sr. Manager, Information Security and Compliance - remote

Posted 2 years ago
Stack Overflow

COVID 19 UPDATE:

We have leaned into the current health crisis with the development of new features like Volusion Curbside. Since March, we have hired more than a dozen new Volusioneers with no signs of slowing down. We are actively interviewing for key roles in order to keep up with our product roadmap goals. During these unprecedented times Volusion continues to provide stability and growth opportunities to our employees and merchants alike.

We are doing our part to flatten the curve, so for the time being all interviews will be conducted virtually. As a company, ALL employees are currently working remotely.

About us:

Volusion powers thousands of ecommerce sites - from fledgling entrepreneurs like local artists selling handmade goods to mid-market businesses processing millions of dollars in online sales every year. If you're a creative professional who has a passion for driving change and you want to better the world with your ideas, we want to hear from you!

Job Title: Sr. Manager, Information Security and Compliance

Location: Austin, TX is preferred (Willing to commute from other parts of TX, or must be open to relocating)

Job Description:

The Sr. Manager of Information Security and Compliance is responsible for the security of Volusion’s application and technical infrastructure, ensuring that our network, systems, databases and software are architected and implemented to industry level security standards.

Additionally, this position oversees risk assessment and compliance activities to protect the confidentiality and integrity of customer, employee, and business critical information in compliance with organizational policies and external regulatory standards. This position works closely with all business units across the organization to independently and objectively drive the overall Compliance Program, focusing on improving the security posture of the Corporate and Customer facing environments.

Responsibilities:

  • Provide subject matter expertise to diverse teams through security consultation for risk analysis, remediation and solution development for countermeasures
  • Provide a significant contribution to the development of technical security policy and/or standards in order to guide operating practices within various information security and compliance subject areas. For example, PCI, SOX, HIPAA, etc.
  • Collaborates with Leadership team to address security risks, organizational risks, PCI, SOX, Safe Harbor, and Certification & Accreditation activities
  • Guide the organization through the development of a SOX compliance program and facilitate annual audits
  • Promote awareness and education in business units regarding security best practices and methodologies that support and achieve business objectives in a secure manner
  • Deliver strategic advice and guidance in the design and implementation of security reviews and detailing system and environmental security vulnerabilities in a clear and concise manner
  • Conduct quarterly PCI Scan tests, and work with PCI QSA to conduct annual PCI Audit
  • Manage a team of expert-level Senior Engineers to identify and remediate security vulnerabilities, and train developers in secure coding best practices
  • Perform internal and external Security Penetration tests, including conducting hands-on security evaluations, threat modeling, and penetration testing of networks and infrastructure
  • Conducts on-going risk assessments of security vulnerabilities, and recommends/oversees appropriate corrective actions
  • Research emerging products, services, protocols, and standards in support of security improvements and risk mitigation efforts. Provide recommendation to management on researched items.
  • Engineer and maintain security solutions to protect a variety of users, applications, platforms and computing environments, including the development and maintenance of security testing and vulnerability assessment tools, methodologies, and processes
  • Identify and resolve complex issues and develop innovative solutions to achieve business and technology goals while maintaining appropriate security
  • Mitigate security exposures through the development of risk-based business recommendations
  • Perform written and verbal presentations upon completion of security reviews and detailing system and environmental security vulnerabilities in a clear and concise manner to business stakeholders
  • Flexible, self-motivated, and results-oriented team player with the ability to handle multiple priorities in a dynamic environment
  • Must be a team player with excellent interpersonal, organizational, and oral/written communication skills

Qualifications:

  • Bachelor’s degree in Computer Science or Engineering from a four-year college or university; or equivalent training, education, and/or work experience
  • 5-7+ years of experience with a demonstrated track record of success in information security, risk management, compliance auditing and/or penetration testing
  • Information Security Certifications such as CISSP, GIAC, QSA or CEH
  • Strong working knowledge of risk & vulnerability assessment methodologies and security architectures/approaches relating to SaaS
  • In-depth technical knowledge of security engineering, computer/network security, penetration testing, authentication and security protocols
  • Highly skilled in the use of penetration testing tools such as Nmap, dsniff, Nessus, Metasploit, Core Impact, network sniffers, etc.

Who is also the embodiment of our culture code (we hope you are nodding in agreement as you flip through it!):

  • Humble: Have humility and be respectful; no egos allowed.
  • Effective: Get stuff done!
  • Adaptable: Willing to fill any role, anytime. Going above/beyond the call of duty.
  • Transparent: Open and honest to self and others.
  • Founders: Think big, go fast and solve for the customer.

Benefits & Perks:

  • Competitive Compensation Packages
  • 401(k) with Company Matching
  • Medical, Dental, Vision, and Voluntary Life Insurance
  • Employee Assistance Program
  • Paid Parental Leave
  • Flexible Paid Time Off
  • Two Volunteer Days Off
  • Birthday Off
  • Remote Work Flexibility
  • Professional Development Opportunities for Career and Skills Advancement
  • Robust Peer Recognition Program
  • Virtual Events: Trivia, Monthly Bingo, Scavenger Hunts, Back to School Day, Wellness
  • Giving Back to the Community Initiatives
  • Quarterly Virtual Team Building events