Manager, Security and Compliance

DataBlend, a specialized iPaaS software company focused on financial system workflows, is looking for a roll-up-your-sleeves person with a can-do attitude to join our growing team as a Manager, Security and Compliance. This critical role will enhance and transform the quality of our Security and Compliance function, with a tremendous amount of growth potential at both DataBlend and our parent company, eOne Solutions. So, if you want to join a proven product company that is still scaling, and you are ready to have a big impact and work to expand our product’s capabilities, please submit your resume to resumes@datablend.com.

Reporting directly to the Senior Director of Product and Chief Information Security Officer (CISO), the Manager, Security and Compliance will have responsibilities that include, but are not limited to:

  • Working closely with the CISO and executive team to set a security strategy that is closely aligned with DataBlend and eOne Solutions business goals.
  • Supporting information security and third-party audits as required (e.g., SOC 2, ISO 27001, customer questionnaires).
  • Supporting the development and rollout of products and services with embedded security and resiliency.
  • Establishing and fostering a cyber-aware culture.
  • Building customer-facing messaging that establishes security and compliance as a differentiator.
  • Conducting periodic risk assessments to proactively identify and remediate risks.
  • Maintaining and optimizing programs to enable frictionless security and compliance.
  • Managing the development, approval, training, and implementation of policies, procedures, standards, controls, and guidelines.
  • Developing and providing annual training to all workforce members on established policies and procedures, as necessary and appropriate to carry out their job functions, and documenting the training provided.
  • Ensuring appropriate role-based access is provided to all users.
  • Overseeing and enforcing all activities necessary to maintain compliance and verifying the activities are in alignment with the requirements.
  • Facilitating audits (internal and external) to validate compliance efforts throughout the organization.
  • Receiving, investigating and documenting reports of security or policy violations.
  • Collaborating with DevOps and other operational teams to ensure security standards are met.
  • Managing the suite of security and compliance tools to ensure that vulnerabilities/risks are identified and queued for remediation in a timely manner, and advising on and tracking issues through remediation.
  • Monitoring security and compliance reports and the JIRA security and compliance board to ensure that all reported issues are promptly and appropriately actioned.

Required Skills/Experience:  

  • Track record of building relationships with internal and external stakeholders
  • Experience with SOC 2 Type II audits (preparation, evidence gathering, remediation)
  • Working knowledge of ISO 27001:2022 standards and certification process
  • Experience developing and maintaining security policies and procedures
  • Demonstrated ability to conduct internal audits and manage findings
  • Experience conducting security assessments and risk analysis
  • Experience with vendor security assessments and third-party risk management
  • Understanding of data privacy regulations (GDPR, CCPA, HIPAA where applicable)
  • Practical knowledge of security tools (SIEM, IDS/IPS, vulnerability scanners)
  • Knowledge of cloud security practices (AWS or Azure)
  • Familiarity with security frameworks (NIST, CIS Controls, etc.)
  • Knowledge of software development lifecycle (SDLC) security

Nice to Have, But Not Required:  

  • BS and/or MS in a technical discipline
  • Experience with log management and analysis tools (CloudWatch, GuardDuty, etc.)
  • Experience with access control management and identity governance
  • Hands-on experience with security monitoring and incident response
  • Understanding of network security principles and monitoring
  • Familiarity with vulnerability management programs and patch management
  • Basic scripting or automation skills (Python, PowerShell, or similar) preferred
  • Experience with configuration management and security hardening
  • Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, or similar

Location:

DataBlend, an eOne Solutions Company, has offices in Austin, TX, Fargo, ND, and Stowe, VT. Remote work is an option, but being near one of our offices is preferred.

Salary Range:

$90,000-110,000 (based on experience)


DataBlend values the array of backgrounds, talents, and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to actual or perceived race, religious creed, color, national origin, ancestry, physical or mental disability, medical condition, genetic information, marital or familial status (including registered domestic partnership status), sex and gender (including pregnancy, childbirth, lactation, and related medical conditions), gender identity and gender expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), age, sexual orientation, Civil Air Patrol status, military and veteran status, certain arrest or conviction records, domestic violence victim status, and any other consideration protected by federal, state or local law (collectively referred to as "protected characteristics").