Company hidden
5 hours ago

Business Information Security Officer

Work format
remote (Global)
Employment type
fulltime
Grade
lead
English
b2
Country
UK
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Business Information Security Officer: Managing information security compliance and privacy regulations for SaaS and on-prem software products, with an emphasis on aligning product design and delivery to security frameworks. Focus on maintaining certifications, identifying and managing cyber security risks, and acting as an SME for presales activities.

Location: Global remote

Company

hirify.global is the leader in data integrity, empowering businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products, and strategic services.

What you will do

  • Align to and maintain the hirify.global Information Security Management System across the Engage business unit.
  • Maintain current SOC 1 & 2 Type II, HIPAA HITECH, ISO 27001 & 27701 certifications for Engage software products.
  • Ensure compliance with contractual obligations, customer security requirements, and company information security policies.
  • Identify and manage information and cyber security risks for Engage, using and improving hirify.global measures.
  • Coordinate DAST scans, internal and third-party penetration testing, and vulnerability scans across all Engage products.
  • Act as a Subject Matter Expert for presales, responding to security questionnaires and writing technical security whitepapers.

Requirements

  • Experience managing an Information Security Management System in a complex IT organization.
  • Strong understanding of information security and risk management best practices, including ISO 27001.
  • Excellent understanding of legislation and regulations such as GDPR, HIPAA, PCI DSS, CCPA.
  • Knowledge of current and emerging threats and countermeasures, including application security.
  • Good practical knowledge of security technologies including DevOps, Identity and Access Management, penetration testing tools, remote working and cloud technologies.
  • Ability to work within compliance or regulatory frameworks and to evidence continuous improvement.

Nice to have

  • One or more certifications: CISM, CISSP, CISA, or NCSC Certified Cyber Professional (SIRA, IA Architect, IA Auditor, IT Security Officer).
  • Experience using GRC platforms to define and manage InfoSec policies, prepare for audits and manage risk.
  • Experience of tooling to manage RFP responses.
  • Perform SAST/DAST scans & Pen Test assessments.
  • Experience with automated cloud compliance.

Culture & Benefits

  • Work from anywhere culture.
  • Committed to career development with opportunities for growth, learning and building community.
  • Celebrates diversity in a distributed environment with a presence in 30 countries and 20 offices.
  • Unified by four core values: Openness, Determination, Individuality, and Collaboration.

Be careful: if you are asked to sign in to iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support.