Saviynt is an identity authority platform built to power and protect the world at work. In a world of digital transformation, where organizations are faced with increasing cyber risk but cannot afford defensive measures to slow down progress, Saviynt’s Enterprise Identity Cloud gives customers unparalleled visibility, control and intelligence to better defend against threats while empowering users with right-time, right-level access to the digital technologies and tools they need to do their best work.
Summary:
The Sr. Manager, Information Security, will serve as Incident Commander and lead multiple
programs within Information Security, in collaboration with various cross-functional teams,
and technical and GRC teams within Info Sec.
The candidate will possess the ability to develop and execute internal programs, and
communicate with external stakeholders including customers. The candidate must be
comfortable managing projects in an Agile environment.
The candidate should be familiar with policy and compliance requirements, including policy
documentation and system requirements to successfully respond to potential audits.
What You Will Be Doing
- Serve as Incident Commander and serve as single point of contact for customers,
- representing the internal team on technically advanced or complex matters
- Develop executive level presentations to support Risk Programs and broader
- Information Security updates to appropriate audiences
- Flexible and collaborative approach to enabling and supporting the business
- Strong stakeholder and relationship management skills
- Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures
- Requires sufficient technical background to be able to interpret audit and compliance requirements
- Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings)
- Collaborate with the Security Operations Centre (SOC) to mature processes and strengthen the current Security Operations Framework
- Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
- Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
- Provide input/review and development of security and compliance controls and vulnerabilities against policies, standards, and frameworks in the following frameworks such as ISO 27001, SOC2, and PCI
- Regularly review standard operating procedures and protocols to ensure SOC continues to effectively meet operational requirements
- Vendor management; review security clauses in customer contracts
- Continual process improvement in infrastructure security assessments, reporting and remediation to reduce risk.
- Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
- Routinely engage with cross functional teams to evaluate SOCs ability to meet stakeholder needs
- Communicate vulnerabilities, solutions, and enterprise trends to all levels of an enterprise – both technical and non-technical resources
- Advise IT teams regarding patch notifications, initial risk assessment, eligible systems, and deployment requirements
- Perform assessment of internal and third-party cybersecurity risk
- Support responses to customer inquiries about Saviynt compliance related to IT and Security
- Interface with external auditors in managing ongoing compliance and audits as it pertains to SOC activities
- Working experience with AWS, Google Cloud Platform or Microsoft Azure
What You Bring
- Subject matter expert in Information Security Program Management, Cyber Defense (as Incident Commander) and Risk Management
- Bachelor of Science degree in Computer Science or related field is required
- 12+ years’ experience in above areas
- Excellent analytical thinking and problem solving skills
- Must have excellent written, communication and verbal skills to assist with
- communications with other teams and writing executive summaries based on work output
- Ability to lead, influence and collaborate with remote team members, proven delivery, remediation and incident response background
- Solid background in security incident response and vulnerability management
- Self-starter and “outcome oriented”, can work with minimal supervision but knows when to escalate
If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business Continuity/Disaster Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
