The Manager of Information Security and Technology at Opal drives IT and Information Security initiatives with minimal oversight and independently manages InfoSec and IT related projects. This position has management responsibilities over IT and InfoSec employees focused on compliance, certification, data handling, end-user support and Opal systems administration.
From the InfoSec lens, this position is responsible for ensuring that unreleased marketing information shared with Opal from Fortune 50 and Fortune 500 customers, including Microsoft, NBC, Activision, GM, NASA, and others is continuously protected from unauthorized disclosure and abuse. Additionally, you will be responsible for ensuring that Opal compliance programs, including SOC 2, ISO 27001, and GDPR/CCPA privacy initiatives are continuously maintained at high levels. From the IT lens, this position is responsible for ensuring smooth operations for IT across themes of hardware and software management, on/off boarding, general project management for automation or software support, and system administration across a variety of platforms is maintained.
You should be passionate and vigilant about cultivating ecosystems, documenting your ideas, roadmapping and communication, and generally be excited to own a growing team of people and the scopes of InfoSec and IT at Opal. It is critical to have an understanding of the impact of both human, technology, and security factors at startups. Your goal should be to enable business continuity via IT/InfoSec with a high degree of efficiency. Just as importantly, you are approachable and offer a friendly demeanor to all levels of staff, showing proactiveness and enthusiasm for InfoSec/IT projects and problem-solving.
This position is part of the management team within our TechOps(DevOps, QA, Support, Automation, InfoSec, IT) group and works collaboratively with members of the Executive team, internal technical experts including Software Engineering, DevOps, QA, Support, and external customers via legal, security, and procurement. Opal maintains SOC 2 Type 2 and ISO 27001 compliance, partners closely legal and with several major customers on onsite security audits and compliance assessment. You and your groups will also perform high-touch customer InfoSec support during the procurement phase of the sales cycle. On the engineering side, you work collaboratively with other departments, including Engineering or DevOps, to ensure that Information Security risks are appropriately mitigated and that security technical debt(s) are managed and addressed over time.
- Be excited in ownership and the opportunity to shape what IT and InfoSec mean for an organization.
- Coordinate with the Director on building/planning/execution of IT and InfoSec roadmaps, policies, procedures, operations, and growth.
- Ensure your teams maintain existing Information Security systems, including vulnerability scanners, logging/alerting systems, antivirus, computer/device management systems, and UTM firewalls.
- Manage InfoSec vendor relationships, negotiate procurement and pricing.
- Work directly with customers and prospects to explain Opal security practices and standards.
- Adjust internal security standards, practices, policies, and risk mitigation controls in light of industry best practices and customer concern trends.
- Partner with Engineering and DevOps teams to define engineering-specific security requirements and frameworks.
- Evaluate proposed vendors for suitability with Opal’s internal requirements, 3rd party security requirements, and personal data privacy compliance requirements.
- Lead the Opal certification & audit program, which includes ISO 27001, SOC 2 Type 2, and Microsoft SSPA certifications, as well as supporting annual customer security audits with your team.
- Partner with Legal to ensure compliance with rapidly evolving standards for personal data protection and privacy, including GDPR and CCPA.
- Oversee patching and securing of Opal-issued hardware and devices.
- Develop and maintain Opal policies and documentation relating to security or IT.
- Develop and maintain internal training programs.
- Maintain positive interactions cross-functionally with security advocates and area managers in all departments.
- Coach and counsel IT/InfoSec staff member performing end-user support work and system administration. Assisting in career growth, development and 1on1s.
- Daily standups with IT/InfoSec teams, project or workflow guidance
Skills, Experience, Knowledge
- 5+ years of InfoSec experience relating to systems management, InfoSec, and/or Information Technology.
- 1+ year of people management experience, or 1+ year of senior-level InfoSec work with demonstrable mentorship/training experience.
- A strong sense of professional ethics, knowledge and ability to understand when to advocate zealously, considering the short-,mid-, and long-term best interests of the business.
- Excellent technical writing capability and attention to detail.
- Previous experience supporting systems configured as cloud-based SaaS platforms and comprehensive understanding of cloud-based SaaS platform architecture and related vulnerabilities.
- Experience providing InfoSec or IT expertise to support operating systems, protocols, and system architecture.
- Possess a high-level of diplomacy and political savvy in professional interactions.
- Comfortable working with diverse stakeholders to build consensus and implement new initiatives.
- Ability to manage and prioritize multiple requests simultaneously.
- Ability to draft and maintain internal security policies, public facing security statements, and other written security collateral.
- Natural alignment with Opal’s Values: Professional, Intentional, Steadfast, Helpful, Creative, Passionate, and Empathetic.
- Demonstrated ability to work effectively with individuals from diverse communities and cultures.
- Experience with security audits and/or regulations (i.e. SOC 2, ISO 27001)
- Experience with macOS environments
- Experience acting in a customer-facing capacity
- The InfoSec Manager position is open to qualified candidates who do not possess an Associate or Undergraduate degree. Please add 1-2 additional years of job experience if you do not possess an Associate or Undergrad degree. If you possess a security certification, such as CISM, CISSP, CSP, GIAC, etc, this additional experience requirement may be waived.
Opal is pleased to offer a comprehensive total rewards package for employees and their families, providing a diverse range of benefits such as:
- Competitive, market-leading compensation package, including stock options
- 100% company-paid individual premium for Medical/Rx, Dental, and Vision Insurance (with dependent premiums 50% company-paid)
- Flexible Spending Accounts (FSA) for Health, Dependent Care, Commuter, Parking
- Company-paid Group Life/AD&D, Short, and Long Term Disability Insurance
- Pet Insurance for your furry friend
- Flexible Paid Time Off and Paid Holidays
- Paid Parental Leave & Flexible Back-to-Work Program
- 401(k) and Roth Retirement Plans
- Company-sponsored outreach and activity programs
- Modern office space with snacks, coffee, and friendly coworkers
Opal is an equal-opportunity employer and committed to creating an inclusive and diverse environment. We believe a diverse workplace promotes innovation and enhances decision making. We encourage applications from all qualified candidates and will consider all applicants without regard to race, color, religion, gender identity or expression, national origin, sexual orientation, disability, age, or veteran status.