Roostify is hiring an

Information Security Manager

San Francisco, United States
Remote

Roostify is transforming the mortgage industry with an innovative and integrated platform that’s streamlining the entire digital lending experience. We believe that home lending should be a fair, fast, and transparent experience. Our software is used by banks across the country to improve lending experiences every day. We are a team of innovative thinkers on a mission to reinvent the lending experience so people can accelerate their future.

The Legal & Information Security Team is responsible for, among other things, ensuring the confidentiality, integrity and availability of the data and information entrusted to us by our customers. This team plays a key cross-functional governance and policy role that is essential to assure customers their information is safe with us. The team also represents the company in responding to customer risk assessments, including customer audits, and runs Roostify’s own vendor management process, designed to give us confidence that our vendors are managing risks consistently with our standards. As Information Security Manager, you will have a key role in supporting the Information Security Director and the governance team in meeting these objectives.

While Roostify HQ is located in San Francisco, CA, we are open to remote work within the USA for this role.

RESPONSIBILITIES

  • Contribute to ongoing information security policy effectiveness by staying current with information security requirements from various sources and using those requirements to define and/or update company-wide information security policy, processes and standards. Collaborate within the governance team to ensure policies remain current and applicable.
  • Monitor, test and enforce the effectiveness of technical security controls against defined security policies and processes, including performing periodic audits or spot checks to ensure that accounts and entitlements are up to date and that AWS system configurations comply with defined security standards.
  • Manage the security logging functionality at all levels. Configure and tune the SIEM and other monitoring tools to ensure alert levels are appropriate and reported alerts are properly handled. Stay current with industry vulnerability alerts.
  • Collaborate with Engineering and DevOps teams to ensure defined security control methodologies, including secure coding, AWS configuration, and server configuration standards, meet industry best practices and customer standards. Ensure ongoing compliance with the defined standards, and provide guidance as needed on remediation of findings from application and infrastructure vulnerability scans.
  • Provide input to the scope of periodic application penetration tests, engage with penetration testing vendors, and coordinate with Engineering for execution of tests. Track and monitor remediation of any reported findings.
  • Participate as needed in the Security Incident Response process, including prompt response to and triage of incidents, coordination with other teams on response and evidence collection, and overseeing the post-incident retrospective.
  • Take an active role in the cross-functional response to customer and third-party audits of the company’s security practices. Drive remediation of deviations or control gaps identified by internal, customer, or third-party audits.
  • Work collaboratively within the Information Security team to assist in the achievement of other team objectives, including:

 

SKILLS & EXPERIENCE

  • Five or more years of hands-on security experience in a SaaS environment, with at least two of those years in an AWS environment. Experience in a GCP environment is a plus.
  • Solid working understanding of TCP/IP, operating systems, and common security vulnerabilities and attack techniques. Bonus points for experience working in a security operations center (SOC) and configuring SIEM and logging systems.
  • Familiarity with secure coding practices, including the OWASP Top 10.
  • Experience with various risk and control frameworks such as SOC 1, SOC 2, ISO 27001, NIST, and Cloud Security Alliance (CSA).
  • Excellent problem-solving skills that enable you to identify, analyze, and resolve problems in a timely manner, working both independently and in group problem-solving situations.
  • Strong oral, written, and interpersonal communication skills, with the ability to explain technical and security concepts to both technical and non-technical audiences.
  • Excellent project and program management skills.
  • Bachelor’s degree in computer science or a similar discipline is preferred.
  • CISSP, CISM or comparable security certification desired.

BENEFITS & PERKS

At Roostify we know that people do their best when they feel their best; we care about our people and want them to thrive. Here are some of the benefits we’re proud to offer:

  • Competitive Salary & Equity Packages
  • Health, Dental, and Vision Plans
  • 401(k)
  • Flexible Vacation Time
  • Tuition Reimbursement Program
  • Fitness/Wellness Discount through ClassPass

Roostify is an Equal Opportunity Employer

At Roostify we have a value of People First. We strive to provide the best experiences to our employees and candidates. We consider applicants without regard to race, color, national origin, sex, age, religion, sexual orientation, gender identity, veteran status, marital status, physical or mental disability, or other protected classes under all local, state, and federal laws and ordinances. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.