We’re looking for a hands-on, detail-oriented Information Security Manager to take ownership of our internal Information Security posture. In this role, you'll lead the implementation and management of our security operations, policies, and compliance processes. You’ll work cross-functionally to ensure our systems, data, and employees follow best practices and meet relevant regulatory requirements.
This is a foundational role for our security efforts—ideal for someone who enjoys building systems, and shaping policies in a small, fast-paced environment.
Key Responsibilities
Maintain and continuously improve the company's information security practices, tools, and procedures.
Monitor internal systems for vulnerabilities or breaches, and lead incident response efforts when necessary.
Develop, implement, and enforce security policies, standards, and procedures across the organization.
Lead and manage compliance initiatives related to frameworks such as SOC 2, ISO 27001, and GDPR.Conduct internal risk assessments and coordinate third-party audits, ensuring timely remediation of findings.
Oversee identity and access management (IAM), ensuring least-privilege principles are applied and maintained.
Provide security training and awareness programs to employees across all departments.
Evaluate and manage the security posture of third-party vendors and cloud services.
Collaborate with engineering and IT teams to embed security best practices into systems and workflows.
Stay current with emerging threats, technologies, and regulatory changes that may impact the company’s security posture.
Qualifications
7+ years of hands-on experience in information security, IT security, or a related field.
Familiarity with common security and compliance frameworks (SOC 2, ISO 27001, NIST, GDPR, etc.).Strong understanding of modern IT infrastructure (cloud services, SaaS, access controls, security architecture, etc.).
Excellent communication skills—you can translate complex security concepts for non-technical teams.
Experience in a startup or small company environment is a plus.
Nice to Have
Relevant certifications (e.g., CISSP, CISM, CompTIA Security+, ISO 27001 Lead Implementer).
Exposure to secure software development practices (DevSecOps, secure SDLC, etc.).
Experience in security operations and/or incident response.