Senior Manager, Software Engineering

Position Overview:

 Do you thrive in a startup vibe? Were you built for a small, nimble and dynamic team thats ready to win? If you answered yes, we want to talk to you! We are now going back to our roots as a standalone business unit to focus on our SaaS businessman area where we see growth potential. This business unit is unique, and we certainly aren't afraid to stand out from the crowd and tackle the bigger competitors.We are seeking a highly skilled and motivated Senior Manager of Security to join our dynamic team at ShareFile, a leading SaaS company operating on the AWS platform.

The Senior Manager of Security will play a pivotal role in ensuring the security, compliance, and privacy of our cloud-based services. This role requires a strong background in managing Security Operations Centers (SOCs), Cloud Security Engineering, Compliance, and Privacy functions, with a specific emphasis on utilizing infrastructure and policy as code methodologies, and a robust focus on driving automation throughout the security processes. The ideal candidate will have a deep understanding of cloud security best practices, compliance frameworks, and a proven track record of implementing robust security measures in a fast-paced SaaS environment.

Role Overview:

 Now, lets get into the details. This role will have ownership of Security reporting into Engineering and Operational leadership, leading and helping drive our security and compliance footprint as we modernize and automate our way into the future.

Key Responsibilities:

• Security Operations Management: Lead and manage the Security Operations Center (SOC) team responsible for monitoring, detecting, and responding to security incidents and threats. Establish incident response procedures, coordinate with cross-functional teams, and ensure timely incident resolution.
• Cloud Security Engineering: Oversee the design, implementation, and maintenance of effective security controls within the AWS environment using infrastructure as code principles. Collaborate with DevOps and Engineering teams to integrate security into the development lifecycle using policy as code and automation, ensuring the security of cloud-based applications and infrastructure.
• Compliance and Regulatory Oversight: Drive compliance initiatives by establishing and maintaining security policies and controls as code, aligned with industry standards and regulations. Manage audits and assessments related to PCI, ISO, SOC-2, HIPAA, and Global Data Privacy, ensuring successful compliance outcomes.
• Privacy and Data Protection: Ensure the protection of customer data and privacy through automated data classification, access controls, and encryption mechanisms, in accordance with global data protection regulations.
• Risk Management: Identify and assess security and compliance risks, and develop automated strategies to mitigate them effectively. Collaborate with cross-functional teams to implement automated risk management processes and procedures.
• Team Leadership: Lead, mentor, and develop a high-performing security team with a focus on automation, infrastructure, and policy as code methodologies. Provide guidance, coaching, and support to team members, fostering a culture of continuous learning and professional growth.
• Vendor and Third-Party Security: Evaluate the security posture of third-party vendors and partners using automated assessments, ensuring they meet the company's security and compliance standards.
• Security Awareness and Training: Develop and deliver security awareness programs using automated methods to educate employees on security best practices and promote a culture of security consciousness.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field; Master's degree preferred.
• Minimum of 10 years of experience in Information Security, with at least 5 years in a leadership role within a SaaS company or similar environment.
• Proven experience managing Security Operations Centers (SOCs) and Cloud Security Engineering teams.
• Deep understanding of cloud security principles, particularly in an AWS environment, with experience in infrastructure and policy as code methodologies.
• Extensive knowledge of compliance frameworks, including PCI, ISO, SOC-2, HIPAA, and Global Data Privacy regulations.
• Strong expertise in risk management, incident response, and security architecture, with a focus on automation.
• Excellent leadership and team management skills, with a track record of building and developing security teams.
• Strong communication and interpersonal skills, with the ability to collaborate effectively across departments and communicate security concepts to technical and non-technical stakeholders.

Preferred Certifications:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• AWS Certified Security Specialty
• Certified in ISO27001, SOC-2, or similar certifications

If you are a dedicated and experienced security professional with a passion for leading security initiatives in a fast-paced SaaS environment with a focus on automation, infrastructure, and policy as code methodologies, we encourage you to apply. Join our team and help us ensure the security, compliance, and privacy of our cutting-edge cloud-based services.