POSITION: IT Security Lead
Location: El Dorado Hills
Job Description - The eventual replacement of a Legend in IT security and compliance.
For the past 11 years we have built a SaaS software company from scratch, at a time when the security and compliance guidelines from the Financial Services industry have changed dramatically.
Our CISO Jack has been with us from day 1 and has decades of computer, IT, security and compliance experience, and we're looking for a person to come in, be mentored by Jack, and work with him on a day-to-day basis. We're not looking for an experienced Chief Information Security Officer, but we are looking for a person who can grow into that role so that when the day comes where Jack wants to step back, we have that person in position.
The ideal candidate is a person with enough skills to handle the many parts of the job I'll try and describe, but it also has to be a person willing to be mentored and to learn how to follow the lead of our CISO. Within a year you will be getting the equivalent of a master's degree in how to pass audits from the largest financial institutions, which means you'll fully understand how to manage the security and compliance and the networking needs of a SaaS software company selling to the largest financial institutions in the world.
We will do our best to teach the person we hire how to manage these audits, and how to earn respect from the auditor and do it quickly. We can teach someone who has the fundamentals of honesty and comes across as being very caring about what they do. They have to care about securing the customers' data and not just getting past the audit. These financial institutions audit executives all the time and can tell very quickly if the person is just giving lip service to get through the audit or if they really care.
If you have experience with some, but not all, of what is listed below, that could be OK depending on what it is. We have shown some areas as "need" or "could be taught". It's kind of like college, where you need prerequisites to be able to take a class.
Required Knowledge, Skills:
List of areas of experience preferred:
"Could be taught".
• Linux OS and Apache - need some understanding
• Ideally has experience working with developers. Does not need to be a programmer but needs to have some knowledge between the application and operating system tools like "version control"
• Change Control and Change control documentation - absolutely needs to understand the importance of change control and proper and professional documentation. This will be a big part of their responsibilities.
• IT Policy documentation creation and review
• Inventory management
• Experience in working with companies and products like Rackspace, Microsoft Active Directory and Office 365, Firewall and Desktop support providers, Encryption providers, Bulk email encryption and delivery providers, Database backup providers, Software Code review process, Oracle enterprise database, Content filter providers, etc.
• Nice person, good people skills, dependable, no drama
• Windows server, Active Directory, GPO, DHCP, DNS, VPN
• Basic office networking and the ability to manage our email, PCs, laptops, IT closet, routers, internal server, phone system, copiers, Internet T1s and wireless, and everything IT related
• DLP - UTM - syslog servers
• BC/DR both for local Windows operations and for Linux Web servers, MySQL database servers. Cisco Tier two firewalls, working with networks.
• Strong documentation skills
o They will be responsible and will have to review everything written that goes to a customer or prospect!
o They will have to understand it and be able to explain it.
• Understanding/experience with SOC2, GLBA, SOX, and regulations regarding privacy/security of PII - need basic understanding but could be taught
• Works well with people. The people skills will be very important both for dealing with auditors on a technical level and for working with vendors and managing people.
• Microsoft Office expertise, Mac knowledge a plus
This is not an easy job and it can be stressful and full of surprises. We have grown into the security business as it developed, and the candidate we hire will continue this evolution. We have to be able to pass this knowledge on for someone to be able to do the job well and it will take time. The ideal candidate will start to be productive and be a help to us fairly quickly, but they have to understand the critical nature of the position and there is no room for error. We're not looking for some hot shot to come in and tell us what to do, but we are open to ideas and collaboration from a person who has experience and a track record in some of the areas above.
We deal with many third-party companies who manage various aspects of our security infrastructure, and your role will be to learn about these relationships and understand what each does and how we utilize each to be secure, compliant, efficient, and cost effective.
Phone: 916 730 3335