TL;DR
Sr. Program Manager, Information Security: Building and maturing the company’s enterprise information security and cybersecurity program with an emphasis on establishing a scalable, repeatable, and auditable security operating model aligned to the NIST Cybersecurity Framework. Focus on security outcomes across the business, including risk management, audit readiness, data protection, and incident preparedness.
Location: Remote
Company
hirify.global is the world’s largest material marketplace for the architecture and design industry, operating in 37 countries.
What you will do
- Lead and mature hirify.global’s enterprise information security program through a multi-year roadmap aligned to business strategy, growth, and global expansion.
- Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low-friction.
- Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails.
- Own identity and access management strategy, including SSO, role-based access, provisioning, and periodic access reviews.
- Own detection, incident response, and resilience strategy, including playbooks, third-party incident response coordination, post-incident analysis, security monitoring, alerting, and continuous improvement.
- Perform vendor security reviews, ongoing third-party risk monitoring, remediation tracking, and executive risk acceptance.
Requirements
- 8+ years of experience in information security, security engineering, or security program leadership.
- Direct ownership of SOC 2 or comparable assurance frameworks, including implementation, remediation, and sustained operation.
- Strong working knowledge of AWS cloud security, identity and access management, application security, and incident response.
- Demonstrated ability to operate independently with high accountability and limited resources.
- Proven ability to define strategy while executing hands-on remediation when needed.
- Ability to communicate security risk clearly to both technical and non-technical stakeholders.
Culture & Benefits
- Flexible PTO, Sick Days, Paid National Holidays.
- Company contributes to your medical, dental, vision and short-term/long-term disability plans and has a strong employee assistance program.
- 401(k) eligible after your first 90 days of employment!
- Company sponsors multiple events throughout the year to help out our communities.
- Flexible work schedules with a hybrid working model.