Job Description
Job Description
Come be a part of our mission and make a meaningful and positive impact with the industry leading provider of language services for the Deaf and heard-of-hearing.
Benefits
- Paid Vacation Time and Paid Sick Time and Paid Holidays
- 401k 6% match with immediate vesting
- Nationwide Medical Insurance plans and coverage (Medical, Dental / Orthodontia, Vision)
TeleDoc
HSA company match3 Medical plan options including a Low Deductible PPO Medical Plan OfferingEmployee Assistance ProgramEngaged Employee Resource GroupsOutstanding Learning and Career Development OpportunitiesPay Range : Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.
Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this roleThis position can be 100% Remote or Hybrid for local candidatesEssential Duties and Responsibilities
Strategic Leadership & Program Development
Define and execute the application and product security strategy aligned with business goals.Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).Collaborate with engineering and product teams to embed security into all phases of software development.Contribute to security roadmap development.Technical Risk Management
Lead the identification, assessment, and management of technical risks in applications and products.Develop and maintain risk scoring models to prioritize security efforts effectively.Establish metrics and KPIs to measure security posture and drive data-informed decision-making.Coordinates the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findingsManage technical Security Exception processDefine and maintain a security reference architecture that provides security best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.)Security Testing & Assurance
Oversee security testing initiatives, including penetration testing, red teaming, and technical audits of technology platforms and systems.Develop and enhance application security testing capabilities, including static (SAST), dynamic (DAST), and interactive (IAST) application security testing methodologies.Partner with external security researchers and vendors to conduct advanced security testing and assessments.Vulnerability & Remediation Management
Manage vulnerability identification and remediation efforts across applications and product environments.Establish secure coding practices and train development teams on security best practices.Implement and enforce automated security testing and continuous security integration within CI / CD pipelines.Compliance & Regulatory Alignment
Ensure compliance with industry security standards (e.g., ISO 27001, SOC 2, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).Partner with internal audit, compliance, and legal teams to address security-related regulatory requirements.Incident Response & Threat Management
Support incident response efforts related to application and product security threats.Collaborate with SOC and security operations teams to analyze and mitigate security incidents effectively.Skills / Certifications
Excellent documentation skills (i.e., solution workflow diagrams, system documentation, playbooks, etc.)Excellent written and verbal communications skills, including presentational skillsAble to clearly communicate risk to upper management and other key stakeholdersProven ability to work independently and in a multi-tasking environment with strong analytical and conflict resolution skills.Strong communication and leadership skills to engage both technical and non-technical stakeholdersUnderstanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA, FedRampPrior experience testing or validating system controls, configuration, and requirementsDeep experience in architecting mission critical application(s), Cloud-based PaaS, IaaS, and SaaS solutions.Ability to balance needs of business and securityExperience in Cloud Security, DevSecOps and Zero TrustExperience working in high-growth SaaS or technology-driven environments.Background in software engineering, DevOps, or cloud security architectureEqual Employment Opportunity :
CaptionCall and Sorenson Communications are an EOE, Disability / Age Employer.
Company Summary
Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.
Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.
As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all : call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.
Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.
