Information Security Manager
How your skills and passion will come to life at Headspace:
- Oversee the implementation of Headspace's overall risk management and compliance framework for information security, privacy, business continuity, and disaster recovery.
- Assist with compliance programs by assessing control frameworks and compliance risks, facilitating meetings with auditors and fulfilling evidence requests.
- Own roadmap and delivery of key programs, and implement effective controls to enhance the company’s cybersecurity posture.
- Ensure Headspace implements processes to identify potential vulnerabilities and their impact; develop and implement risk responses.
- Develop application security policies and tools that enable the engineering organization to comply, and partner with delivery teams to execute.
- Document and help enforce security and privacy policies, processes, standards and procedures
- Monitor internal and vendor compliance with company security policies, standards, and procedures.
- Establish and manage relationships with external information security technology vendors, and specialized information security professional services firms, including participation in the evaluation of capabilities, and negotiation of agreements between the company and these entities.
- Create and maintain processes to ensure timely response to customer security questionnaires and manage/coordinate external audits.
What you’ve accomplished:
- Must have led or played a key role implementing a formal Information Security Program in the past 2-3 years
- In-depth knowledge of GDPR
- Strong ability to work collaboratively with various technology and business leaders to mutually achieve business and security goals.
- Must have hands-on experience as an IT engineer or software engineer
- Must have a clear understanding of the challenges of information security
- Must be able to communicate with and present to senior management and peer groups
- Professional information security certification, e.g. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
- Bachelor's degree in Computer Science, Information Systems, Engineering or related major with a minimum of four years’ experience in the information security field required.
Big plus, if you:
- Have worked on compliance around HIPAA, HITRUST, GDPR
- Have experience securing PII data
- Hold at least one security certification: CISSP, HCISPP, SSCP, CCSP, or CISM
- Have designed secure infrastructure systems in public cloud environments