Information Security Manager

We’re looking for an experienced Information Security Manager to lead and grow our security and compliance programs. This role is critical to ensuring our organization maintains high standards of data protection, risk management, and regulatory compliance. You’ll work closely with leadership, engineering, legal, and customers to design and implement security policies, respond to security questionnaires, and prepare for audits and certifications like SOC 2 or ISO 27001.

What You’ll Do:

• Own and maintain the company’s security policies, procedures, and risk management practices.
• Lead our compliance programs, including SOC 2, ISO 27001, and customer-specific requirements.
• Complete and manage security questionnaires and vendor assessments from prospects and customers.
• Work with internal teams to ensure technical and operational controls align with compliance frameworks.
• Conduct internal security reviews, gap analyses, and ensure ongoing remediation plans are tracked and executed.
• Support incident response planning and ensure the team is trained and ready.
• Collaborate with legal and sales teams to support customer trust and contract negotiations.
• Stay up to date with evolving industry standards, privacy laws, and best practices.

What We’re Looking For:

• 2-4 years of experience in information security, compliance, or risk management.
• Strong understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST, GDPR).
• Proven experience in drafting and maintaining security documentation and policies.
• Comfortable managing and responding to security questionnaires and customer due diligence requests.
• Strong communication skills and ability to work cross-functionally with technical and non-technical teams.
• Self-starter who thrives in fast-paced environments with ownership mindset.

Nice to Have:

• Experience with audit readiness and direct interaction with auditors.
• Familiarity with security tools like GRC platforms, vulnerability scanners, SIEMs.
• Background working in cloud-native, SaaS, or startup environments.
• Security certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor.
• Experience with privacy regulations (e.g., CCPA, HIPAA) and contract security reviews.