Security and Compliance Manager

The Security Manager is a fully remote position over the Information Security Team at C^RET Legal, reporting to the SVP Cloud Engineering and Technology. This position owns the success of the Cyber Security & Compliance Programs that keep C^RET’s business enterprises secure while protecting the C^RET brand with our loyal customer base. The person manages and participates with the team for all aspects related to the day-to-day operations of the Security and Compliance Dept. With the SVP they will own, create, and deliver department goals that encompass the “defense in depth” and “zero trust” services that support our customers. The manager will work directly with department leaders to continually improve C^RET’s Security posture while striking a balance between business needs, risk, and security requirements.

The Security Manager should have a strong and demonstrated business sense and experience in Cyber Security across Cloud Security (CloudSec), Vulnerability Management & Response (VMR), and Governance Risk Compliance (GRC) in SOC2, PCI-DSS, GDPR, & ISO 27001. Your experience should be supported by extensive and diverse experience in leading high-profile technical programs and projects. Your capability to review and advise on Security matters should span into the domain knowledge of Systems and Cloud Engineering, Network Operations, and Application Development.

Responsibilities

• Lead the daily operations of the Security Engineering and Compliance department
• Advise executives on the best strategies for optimizing the security of our data, systems, and business processes
• Review and update security and privacy policies and roadmaps
• Design, implement, manage, and automate robust cybersecurity solutions to safeguard our networks, systems, and applications.
• Conduct thorough security assessments and risk analysis to identify vulnerabilities and recommend appropriate measures for mitigation.
• Collaborate with cross-functional teams to integrate security best practices into the development lifecycle of applications and infrastructure.
• Monitor and respond to security incidents, conduct incident investigations, and implement incident response strategies.
• Stay abreast of emerging threats and vulnerabilities, and proactively implement measures to counteract potential risks.
• Develop and deliver cybersecurity training programs to educate staff on security best practices and promote a security-conscious culture.
• Evaluate and recommend new technologies, tools, and methodologies to enhance our cybersecurity posture.
• Conduct regular security audits and assessments to ensure compliance with industry standards and regulatory requirements.
• Provide expertise and guidance on security-related matters to internal stakeholders and leadership.