TL;DR
Business Information Security Officer (Cybersecurity): Aligning product design and delivery with information security compliance frameworks and privacy regulations, with an emphasis on overseeing technical and process security controls, managing a team, and maintaining certifications. Focus on ensuring compliance with company policies, managing cyber risk, and providing strategic direction for information security posture.
Location: 100% remote anywhere in the US
Company
hirify.global is the leader in data integrity, empowering businesses to make more confident decisions based on trusted data through software, data enrichment products and strategic services.
What you will do
- Align to the hirify.global Information Security Management System, addressing needs of staff, partners, customers, and stakeholders.
- Maintain current SOC 1 & 2 Type II, HIPAA HITECH, ISO 27001 & 27701 certification for software products.
- Ensure compliance with contractual obligations, customer security requirements, and implement additional compliance as needed.
- Identify and manage information and Cyber Security risks to the business unit.
- Oversee Cloud Governance procedures for all infrastructure running in the cloud.
- Coordinate DAST scans, internal pen testing, and third-party penetration testing across products.
- Assist as Subject Matter Expert in responding to information security questionnaires during RFP processes.
Requirements
- Must be based anywhere in the US.
- Experience managing an Information Security Management System in a complex IT organisation.
- Experience with completion of Information Security questionnaires as part of RFP responses.
- Experience with line management of team members.
- Excellent understanding of best practice within Information Security and risk management, including ISO 27001.
- Strong understanding of GDPR, HIPAA, PCI DSS, CCPA, and other relevant legislation/regulations.
- Excellent communication skills, both written and verbal, with the ability to present complex technical issues simply.
Nice to have
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
- Experience using GRC platforms to define and manage InfoSec policies and audits.
- Experience with tooling to manage RFP responses.
- Ability to perform SAST/DAST scans & Pen Test assessments.
- Experience with automated cloud compliance.
Culture & Benefits
- Committed to career development with opportunities for growth, learning, and community building.
- "Work from anywhere" culture (company-wide; this role is specific to the US).
- Celebrates diversity in a distributed environment with a presence in 30 countries.
- Unified by core values: Openness, Determination, Individuality, and Collaboration.