Manager of Cyber Security

Application deadline: May 6th

The Manager of Cybersecurity at dotCMS is a technical/business individual who will report to the company CTO.  This individual will manage the ongoing development and implementation of dotCMS's security and data privacy programs and will be responsible for daily operations in support of these programs.  The successful candidate will form close, cross-functional relationships with executive, sales and engineering team leaders to implement and maintain appropriate security measures and processes, fostering a strong security culture company-wide, grounded in an understanding of acceptable levels of business risk.

Responsibilities

• Manage the ongoing development and implementation of dotCMS security programs.
• Manage and maintain ongoing SOC 2 (and possibly ISO) audit programs and requirements.
• Maintain effective company controls and documentation as required by such audits.
• Maintain the company’s cybersecurity incident response program, including leading responses to active incidents and conducting regular exercises as is required.
• Maintain the ongoing development of data compliance and privacy programs.
• Provide timely Sales Support for Information Security, Data Privacy Questionnaires and Security Questionnaires.
• Work collaboratively with the executives and team leads in engineering, and product management teams to ensure “data protection by design” and satisfaction of regulatory obligations in new products and product features.
• Conduct 3rd party security and privacy risk assessments, pen tests and vulnerability tests to identify areas of unexpected risk to business and technology operations.
• Assist with the overall security and business technology planning with an idea towards the future of security technology and systems.
• Manage the process of handling incoming vulnerability reports, from working with engineering to validate the reports, and ensuring a responsible process for mitigating and disclosing such vulnerabilities. 
• Maintain the company’s internal security awareness training program, including conducting regular exercises and providing training resources.
• Assist dotCMS teams in supporting cybersecurity audits by dotCMS customers
  
  

Requirements

• 3 years of experience in the field of Information/Cyber Security and
• 4 years of experience in a combination any of these roles within a SaaS/internet company:
• Cyber Security Researcher
• Data Compliance Expert
• Engineer / Developer
• Technical Documentation
• Product Management
• Business Analyst 
• SaaS or Cloud Security
• Successful track record of managing complex processes programs
• Knowledge of common information security management frameworks, such as SOC 2, and or ISO 27001
• Knowledge of global security laws and regulations
• Experience with security programs in Cloud computing/Elastic computing across shared/virtualized environments
• Experience working in an Agile environment
• Process oriented - where defining a repeatable process is as important as action. 
• Well-developed analytical skills: ability to assess situations and complex problems quickly
• Strong consultative approach including listening, questioning, and devising solutions that fits well into the business
• Good communication skills: interpersonal, writing, telephone, presentation.
• Knowledge of global data compliance and privacy laws and regulations

Nice to Haves

• Industry certifications: CISSP, CISA, and/or other relevant security industry credentials or certifications.
• Experience working with vendors, including assisting in selection and vendor negotiations.