Information Security Manager

Our next-generation automated customer communication software enables companies of all sizes to boost customer satisfaction, ROI, and business output.

Using CommBox’s software, companies can automate monotonous tasks while managing customer interactions across multiple channels (website chatbots, instant messaging apps, email, social media platforms, and more).

Commbox’s mission is to revolutionize the way companies worldwide automate their operations, without losing their quintessential human touch.

We’re looking for people who are passionate about perfecting technology beyond their imagination. If you’re looking to take part in the revolution of business automation, advance your career and have a great time while doing it – CommBox is the perfect place for you!

We are seeking a skilled and experienced Information Security Manager to oversee and manage our organization's information security program. The ideal candidate will be responsible for implementing, maintaining, and continuously improving our security posture while ensuring compliance with industry standards and regulations.

Key Responsibilities:

1. Execute and manage the organization's security work plan
2. Develop, approve and maintain security policies, procedures, and standards, and upgrade technology as required
3. Oversee compliance efforts, including documentation for auditing purposes, ensuring compliance with ISO27001, ISO27701, GDPR and SOC2 standards and ongoing regulatory requirements
4. Serve as the primary point of contact for customers regarding vendor qualification and compliance and security related inquiries
5. Assess and monitor third-party vendors for compliance with our standards and regulatory requirements
6. Coordinate and facilitate internal and external security audits and risk assessments
7. Provide advice and assistance to management concerning information security, privacy, and related matters
8. Coordinate and analyze internal and external penetration testing, overseeing remediation efforts
9. Develop and maintain the incident response plan, ensuring regular training and simulation exercises for the incident response team
10. Conduct comprehensive security awareness programs for employees

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field
• Minimum of 2 years of hands-on experience in a security and compliance role, preferably within a SaaS organization
• Relevant security certifications (e.g., CISSP, CISM, CEH)
• Knowledge of information security principles, risk management methodologies, and compliance software/tools
• Proven experience in information security management
• Strong knowledge of ISO27001, ISO27701, GDPR and SOC2 standards and regulatory frameworks
• Hands on experience with configuring and maintaining vulnerability management tools
• Proficiency in coordinating and analyzing penetration testing activities
• Familiarity with cloud security operations (SecOps) practices and tools
• Excellent communication and leadership skills
• Ability to work effectively under pressure and manage multiple priorities

Bonus Qualifications:

• knowledge of cybersecurity best practices for network and cloud infrastructure
• Knowledge of web security and OWASP Top 10 security risks and mitigation strategies
• Familiarity with PCI DSS and HIPAA compliance requirements
• Experience in healthcare or financial services industries