Information Security Program Manager
About Spring Labs:
Spring Labs is redefining how data is exchanged for the new age of data sharing, security, and consumer privacy through decentralization. Our Spring Protocol Tech Stack, which includes the use of Blockchain and Cryptography, allows institutions to share information among themselves to verify identities and reduce fraud - all while protecting consumer data.
Working at Spring Labs is about being part of a collaborative team, comprised of some of the most talented people in the industry. You would be welcomed into a fun, inclusive environment where we care as much about our employees as we do about our product.
As part of Spring Labs’ Information Security and Compliance Teams, the Security Program Manager will be responsible for continuously improving and maintaining the security of our cloud platform and infrastructure. The ideal candidate will have experience working in a Financial Services organization and collaborating with and advising Product, Engineering, and Governance teams. Reporting to the Chief Information Security Officer, this role will be responsible for ensuring that Spring Labs meets all technical security requirements and safeguarding all information technology assets.
The Security Program Manager will collaborate closely with the Spring Labs CISO and COO to ensure that security control requirements are accounted for across all security initiatives. As the manager of Spring Labs’ security program, this individual will ensure the proper prioritization of business, technology, and operations functions and confirm the presence and effectiveness of security. This is a hands-on, individual contributor role.
- Lead the design and execution of the enterprise security operations processes, procedures, and playbooks
- Lead the security operations by monitoring Security Incident and Event Monitoring Systems and by triaging malicious events to ensure all true positive events are remediated in a timely fashion
- Respond to cyber threats and incidents by following correct protocols that meet regulatory and law enforcement requirements
- Design and implement a risk-based vulnerability remediation process
- Assist in the performance of annual incident response tabletop and business continuity testing processes
- Undertake risk assessments of exposures, identifying security risks, evaluating their potential impact and reviewing the strengths and weaknesses of existing controls
- Ensure effective controls are in place for management of security capabilities (e.g., access management, vendor oversight)
- Partner with other risk and compliance functions to develop and implement controls that mitigate risks
- Evaluate and interpret industry best practices (NIST, ISO, SANS, COBIT, CERT) and compliance requirements (Legislative, Regulatory – CAT, FFIEC, SOX, PCI, HIPAA, CCPA, GDPR, etc.) for Spring Labs
- Counsel business unit managers on risk management issues
- May participate in evaluating new products, changes to the channels through which products are offered, and technology impact assessments for their impacts on the company's or LOB's risk profile
About you
- 5 years leading Security Operations and Risk Management activities, within the Financial Services Industry
- Extensive experience proactively conducting security monitoring and technical risk assessments to identify security risks and designing mitigation controls
- Diverse experience with complex Financial Services information technology programs and products
- Extensive experience in the development, implementation and management of security policies and procedures, resiliency / continuity planning, auditing and risk management in the financial services industry
- Working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT)
- Deep understanding of Legislative, Regulatory and Compliance Requirements (Legislative, Regulatory – CAT, FFIEC, SOX, PCI, HIPAA, CCPA, GDPR, etc.)
- Must possess the ability to communicate security-related concepts, the state of security and risks, as well as cost effective program design and mechanics to a broad range of stakeholders including: senior business executives, technical and non-technical associates, customers, business partners, vendors, etc.
- Exhibit a high level of collaboration, to effectively navigate in a matrix environment, with competing priorities
- Must be a self-starter who thrives in a fast-paced, start-up environment
- Proven ability to think outside the box to solve problems. Does not default to industry norms
- Exhibit a creative, innovative and thorough approach with the ability to operate autonomously
- Effectively manages and fosters change
Perks
- Casual Work Environment
- Fully Stocked Kitchen
- Free Gym
- Weekly Office Events
- Unlimited PTO
- Comprehensive Medical/Dental/Vision
- Flexible Savings Accounts
- 401(k)
Equal Opportunity Statement:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.