Information Security Manager

One Concern is a Menlo Park-based benevolent artificial intelligence company with a mission to increase the global community's resilience to natural hazards. Founded at Stanford University, One Concern enables cities, corporations and citizens to embrace a disaster-free future, through AI-enabled technology, policy, and finance. By combining data science and natural phenomena science we are pursuing a vision for planetary-scale resilience, where everyone lives in a safe, equitable, and sustainable world.
As the Information Security Manager, you will serve as the information security expert within One Concern and work to continually improve the company’s security posture and culture. The role will include overseeing all security systems and controls and managing and maintaining compliance with industry standard security frameworks.

What you will do

• Serve as the driver for the SOC2 compliance initiative within the organization and manage the SOC2 compliance project
• Perform risk analysis to identify and access the current state of security within our company and online platform
• Assess currently deployed security tools to ensure they are the right choice and configured optimally
• Develop automation for our security operations dealing with incident detection and response, monitoring and alerting, mitigation and resolution
• Reduce the attack surface of our facilities, IT and cloud computing environments and work to continually minimize or eliminate our security vulnerabilities
• Help develop security procedures and policies for the organization
• Document and update the state of security within the company and serve as the security subject matter expert to our customers
• Setup and manage tools that can be used in security threat detection, mitigation and incident management
• Work with product, engineering, IT, HR, FInance and other departments to ensure appropriate security controls are deployed and maintained
• Continually educate employees in the company on security awareness
• Perform internal security audits and present outcome and insights to team and executives
• Setup audits with external third-party auditors and drive the mitigation of issues identified in the compliance reports (eg SOC2)Perform their role in an ethical and responsible manner

Must-haves

• Previous working experience as information security engineer and/or compliance manager for 5 years
• Knowledge and understanding of such the information security frameworks aslike SOC2 or ISO27001 and of overall best practices for information security
• Hands-on experience authoring information security policies and procedures
• Hands-on experience designing and/or implementing security controls eg. IDS or SIEM systems
• Good organizational and time-management skills
• Strong interpersonal and communication skills

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.