Yext is hiring an

IT Security and Compliance Manager

Hyderabad, India

Yext (NYSE: YEXT) is building the next big thing in AI search, and the next big thing is answers.

With the explosion of information and data online, search has never been more important. However, while the world of consumer search has innovated over time, enterprise search has not. In fact, the majority of enterprise search is powered by outdated keyword technology that only scans for keywords and delivers a list of hyperlinks rather than actually answering questions. Yext, the AI Search Company, offers a modern, AI-powered Answers Platform that understands natural language so that when people ask questions about a business online they get direct answers – not links.

We have a big, audacious mission to transform the enterprise with AI search. To achieve that, we need bright minds and diverse perspectives to join our growing company and help us continue to disrupt an industry. Does this sound like you?

The IT Security and Compliance Manager will be responsible for partnering with IT & Business Leadership to develop, implement, maintain, and mature a strategic, risk-based roadmap of our Information Security, Risk, & Compliance program. The goal of this roadmap is to implement appropriate practices, thereby protecting the organization and supporting our strategic objectives. This individual will work cross-functionally to develop guidelines and standards as well as educate and enable our employee base to ensure we meet our Information Security, Risk, & Compliance objectives. This position requires hands-on experience providing information security services including policy management, compliance with HIPAA, SOC 2–Type 2, and other regulatory requirements, risk management, auditing, security incident management, as well as administration and operations of information security tools and services.

What You'll Do

  • Communicate policies and procedures to stakeholders inside and outside the company.
  • Develop and direct the implementation of security standards and best practices for the organization
  • Create and access policies and oversee identity and access management
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
  • Coach and mentor staff, provide and strive for constant feedback and improvement, create annual tasks and standards for the staff, complete annual performance reviews.
  • Monitor, manage and assign security and compliance efforts
  • Manage and coordinate efforts in support of external audits and assessment activities.
  • Provide audit response and ongoing guidance on solutions to achieve and maintain security compliance, to mitigate information security risks and to correct compliance exposures and gaps.
  • Constantly update the information security strategy to leverage new technology and threat information
  • Brief senior management on status and risks, including championing the overall strategy and necessary budget
  • Maintain a current understanding of the IT threat landscape for the industry
  • Provide day-to-day operational support of various security tools and controls, such as access controls, endpoint protection, anti-virus/malware, data loss prevention, e-mail security, and security log management and monitoring tools.

What You Have

  • Bachelor's degree in Business, Technology or related field
  • 10+ years of relevant work experience including proven ability to successfully lead and oversee critical projects and cross-functional efforts
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance
  • Information Security professional certification; e.g., CISM, CHP, CGEIT, CSCS, CISSP/HCISSP, ISSAP, or other equivalent certification is preferred.
  • Broad knowledge and hands-on experience with information security technologies and solutions such as IDS/IPS, SIEM, UTM, Firewalls, EDR, DNS protection, VPN and antivirus technologies.
  • Experience with regulatory compliance, including SOX, GDPR and HIPAA, and familiarity with well-established security standards and frameworks such as ISO 27001, NIST SP 800-53 and COBIT.
  • History running and participating in incident response procedures and table-top exercises.
  • Understands common threat vectors applicable to the corporate environment including phishing.
  • Experience with designing and running security awareness campaigns and initiatives.
  • Familiarity with network administration and visibility concepts and tools.
  • Excellent written and verbal communication skills, with demonstrated ability to present to both technical and non-technical audiences.
  • Experience with securing virtual environments and cloud-based solutions.

Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you require a reasonable accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.