Director of Security

COMPANY DESCRIPTION

ASG is an unconventional group of market-leading SaaS software companies, serving industries ranging from behavioral health to transportation to childcare. ASG believes deeply in the power of people and data to grow great organizations, and that sharing knowledge, expertise, and resources across its community of businesses drives exponential growth. ASG has acquired 40 businesses since its inception in August of 2016. We are backed by Alpine Investors and operated by world-class PeopleFirst™ leaders.  Founders of leading SaaS companies continue to trust ASG to grow their businesses and build even stronger legacies for the future. To learn more, visit www.alpinesg.com.

JOB DESCRIPTION

We are looking for an experienced, hands-on and confident InfoSec Leader to help our companies build the most secure platform. You will work with ASG’s CISO to help our teams with penetration testing, audit, risk assessment, obtaining and/or maintaining compliance, reviewing policies and supporting with incident response.

As part of the ASG Engineering, you will be helping SMBs scale to a new stage of growth. You will get an opportunity to understand a wide array of tech stacks and software products through acquisitions and get to deploy a diverse set of growth strategies throughout the hold period of our investments. While learning from and pairing with extraordinary leaders across our business.

The ideal candidate has direct hands-on experience in securing and auditing web applications (particularly in cloud environments), leading effective incident response, directing risk assessment and compliance, and mentoring others.

You’re Excited About This Opportunity Because You Will:

• Assist in all aspects of audits, including risk assessments, planning, testing, control evaluation, and reporting.
• Recommend process, technology, operations, and compliance enhancements to improve security of the portfolio companies.
• Develop and lead cyber security strategy.
• Conduct system security, web application security, vulnerability analysis and risk assessment.
• Support on incident response and address the security needs of the portfolio.  
• Assist portfolio companies in getting and maintaining SOC2, PCI, HIPPA and GDPR
• Be a security subject matter expert and respond to any internal/external security questions.
• Provide technical design recommendations to address audit & compliance narratives in partnership with technology SMEs and leadership
• Be the Subject Matter Expert for cloud governance, risk and compliance including policies, and executive reporting.
• Participate in implementing, executing, and testing information security processes; use observation and initiative to identify potential security vulnerabilities and risks.
• Assist engineering teams with audit infrastructure and web application, and help them identify critical bugs and vulnerabilities.
• Support and drive automation of the internal assessment and compliance programs

We’re Excited About You Because:

• You have a bachelor’s degree in Computer Science, Cybersecurity or other related field, or related industry experience.
• Minimum of 5+ years of experience in Information Security. 
• Have any of the following certificates. CISA, CISSP, CISM, OSWE, OSEP.
• Direct hands-on experience in web app scanning, penetration testing, auditing, creation and implementation of infosec related policies
• Experience in SOC, HIPAA, GDPR or PCI DSS.
• Experience with performing risk assessments and effective incident response.
• Strong Knowledge in cloud security and governance (AWS & Azure).
• Excellent written and verbal communication, presentation, and listening skills, with the ability to present complex technical information to a variety of technical and non-technical audiences.
• Demonstrated experience managing vendor relationships.
• Experience with the hands-on management of enterprise grade security tools and infrastructure.
• You possess a proactive, solution-oriented, problem-solving mindset -- “I’ll figure it out.”
• You thrive in a small, growing, fast-paced, results-oriented environment.