Manager, Security & Compliance

What we're looking for:

As a Manager, Security & Compliance on the InStride Security team, you’ll work with diverse, multi-teams to design and secure product, cloud and data environments to meet our customers’ security needs for our growing workforce education SaaS platform and software supply chain.

You will aid in creating and iterating on processes and procedures that directly assist in protecting InStride team members, offices, and technologies. You’ll lead a Security Team that supports all InStrider’s, Corporate Partners and Academic Partners. Additionally, you’ll develop and maintain our security technology capabilities and optimize our security preparedness and emergency response. 

The company will look to you as our SME to help us identify, communicate, mitigate and remediate threats and obstacles we face as an organization every single day. You will also be accountable for ensuring InStride is maintaining compliance with applicable laws, licenses, and regulations in the regions where we do business.

Who you are:

• You have a minimum of 10 years of validated experience in DevSecOps, compliance and security by design.
• Information security-related certifications such as CISSP, CRISC, CCSP, GIAC, etc
• Demonstrated ability to build and support high-performing, inclusive teams. As a servant leader at InStride, you are expected to live by our values and culture, lead by example, and set your team up for success
• Support direct reports in creating and meeting goals, and aligning goals to organizational objectives
• Building strong relationships with team members, peers, and stakeholders
• Capacity to learn and apply new technologies quickly to respond to evolving challenges
• Setting clear plans of action and seeing complex security projects through to completion
• Deep technical understanding of relevant technologies including; SIEM, AWS Security & IAM Config, Inspector, Detective, KMS, CloudWatch, Guard Duty, Cloud Trail, ECR, CSPM, CNAPP, API security, DSPM etc.
• You are organized, focused and driven in how you approach your work
• A bias for action, delivering solutions to mitigate security risks
• A highly ethical person who understands that our value hinges on the speed and integrity of the product delivered
• Advanced understanding of frameworks including NIST CSF, CSA, CIS IG2 etc.

How you will create impact:

• Manage and grow a team of security engineers to deliver security projects that enable business objectives and create impact
• Define, evangelize and drive security & compliance best practices & improvements across the organization while setting clear measures of success
• Implement secure by design/default by building repeatable security patterns and/or leveraging frameworks
• Lead conversations to remove blockers and foster collaboration across teams
• Manage external and internal audits and compliance frameworks related to SOC 2, PCI and ISO 27001:2022 including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations
• Work with Engineering and Product teams to identify potential vulnerabilities, process improvements and efficiencies in areas of change management, access management and general technology process controls
• Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets
• Report actual or suspected security and/or policy violations/breaches and drive to closure
• Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations
• Support InStride’s security review process from beginning to end by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
• Serve as a subject matter expert for information security tools, principles and practices (especially as they pertain to vendors and cloud security), and promote a culture of security throughout the organization 
• Interface with staff throughout the organization to facilitate the efficient and secure use of technology services
• Assists in the creation and implementation of security solutions