Information Security Manager

Aunt Bertha, a Public Benefit Corp. · Austin, TX

Posted 1 month ago


Our Mission: To connect all people in need and the programs that serve them (with dignity and ease).
 
Aunt Bertha picks up where Uncle Sam leaves off by making it easy to find and apply for government and charitable social service programs. By organizing the world's human service program information, we make it easy for people in need and the people who help them to find help in seconds on https://findhelp.org.
 
We are looking for people who are driven to make the world a drastically better place and want to join our small group of thoughtful, committed citizens because they believe, as Margaret Mead said, "Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has."
 
Our employees are aligned around this mission. That's why it is a requirement of our application process that you include a cover letter detailing how Aunt Bertha’s mission speaks to you. 
 
Please note: If our mission doesn't strike a chord with you, that is OK. But please consider not applying. We are seeking people who catch fire after learning about what we do.
 
The Work
 
In this work, privacy and security are a top priority and foundational to all that we do. For example, we work with health insurers, hospital systems, schools and universities, city and state governments, and more, to reach people in need. Therefore, it is of the utmost importance that we protect our customers' and our users' data by delivering against the Security, Privacy, and Compliance commitments we make to our diverse constituent groups. To ensure we do this, we seek to hire an Information Security Manager who will serve as the Deputy CISO responsible for executing our Information Security Program.
 
Our Information Security program attained HITRUST status in 2019. This role is a critical part of our strategy to maintain our compliance status while incrementally improving our security program and modernizing our platform architecture. Strong process skills and an ability to pull alongside the product engineering teams to evaluate the security impact of changes are a must for any successful candidate. 
 
The Ideal Candidate
 
 such as logical access control or separation of duties when working across the business. They are confident in their ability to establish processes by putting “pen to paper” to document the current state, with an eye towards continuous improvement in the future. This candidate is excited to learn the ins and outs of executive communication and corporate governance while bringing their deep expertise as a subject matter expert and an individual contributor to the executive leadership committee. Aunt Bertha takes its customer commitments seriously and is expecting this hire to be the first line of defense to ensure our senior leadership is informed and effective when it comes to managing our security, privacy, and compliance risks. 
 
Candidates with this skill set and experience level can expect to command a 150-195 base salary, with higher pay bands associated with stronger experience serving in a CISO or vCISO capacity. Ideal candidates will be excited to have access to senior management and gain experience coaching executives on managing cybersecurity risk. Additionally, they understand this role to be one that will require them to serve as a shining example of what being an independent contributor looks like on the security team.
 
Candidate Strengths:
Ideal 
· Has deep technical expertise both in cloud technology and information security within an agile, DevOps engineering culture
· Has strong business acumen and experience communicating with C-Suite 
· Has managed policy and procedures before in a formal manner
Acceptable 
· Has deep technical expertise in cloud security, but not NIST or healthcare compliance
· Has not managed policy and procedure formally, but has expert process management skills 
· Lacks experience communicating with C-Suite 
Risky 
· Has not managed individual contributors
· Is not confident in process skill set – Documentation, Design, Execution, and Improvement
· Does not have any cloud experience
· Thinks manual asset inventories are good enough
 

Responsibilities

      • Facilitate Executive Risk Committee meetings and continuously improve the effectiveness of risk management processes 
      • Review, Update, and Maintain Information Security policies and procedures as well as the company risk register 
      • Respond to customer requests for information regarding our cybersecurity and compliance posture (Cybersecurity Questionnaires)
      • Support Annual HITRUST and HIPAA audits 
      • Develop Aunt Bertha’s information security program using the NIST 800-171 framework 
      • Manage the security operations team, comprising security analysts and an embedded security engineer
      • Work with the Engineering department to develop a secure software development lifecycle (S-SDLC)
      • Translate security and compliance requirements into technical controls that can be developed by the engineering department and embedded into the platform 
      • Review new technologies and evaluate their impact on current and future compliance requirements 
      • Mature security operations through needs analysis, selection, configuration and monitoring of security tools such as: 
            o Security Information and Event Management (SIEM) systems
            o Web Application Firewalls – WAF
            o Endpoint Protection Systems – EDR
            o Intrusion Detection and Protection – IDS/IPS
            o Cloud Security Posture Management – CSPM

Key Experience/Requirements

    • CISSP or CISM certification 
    • 3+ Years working as an Information Security Manager or Process Lead for a HIPAA or HITRUST organization 
    • Deep understanding of Risk Management processes and principles 
    • Technology selection and vendor management experience 
    • Experience managing individual contributors and providing critical feedback

Nice-to-Have

    • A Cloud Security Certification on GCP/Azure/AWS
    • Lean/Six Sigma experience or Green Belt certification
 
 
Aunt Bertha is proud to be an Equal Opportunity Employer. We are building a company whose employees understand our users, through their own lived experiences. This means we strive to hire employees that are diverse by race, gender, gender identity, gender expression, age, religion, sexual orientation, physical abilities, veteran status and socio-economic upbringing.
