"Alerted.org

Job Description

Summary:

We are seeking a strategic and technically adept Information Security Manager to design, implement, and mature the security and compliance posture for our SaaS-based yard management platform. In this role, you will manage the information security program end-to-end, including aligning to governance frameworks, leading compliance audits (e.g., SOC 2, ISO 27001), managing risk assessments, and implementing key technical safeguards across our cloud and SaaS environments. You will collaborate cross-functionally with Product, Engineering, IT, and Operations to ensure our infrastructure, data, and customer information remain secure while supporting business growth. This position combines strategic leadership with hands-on execution in a growing organization where information security is a top priority.

Key Responsibilities:

• Design, implement, and maintain the information security program and governance framework for our SaaS-based yard management platform.

• Develop and enforce security policies, standards, and procedures aligned with SOC 2, ISO 27001, and data privacy requirements.

• Lead risk assessments, manage the risk register, and oversee mitigation planning across systems and business processes.

• Serve as the primary owner of compliance initiatives, coordinating readiness, audits, and external assessments.

• Partner with Product and Engineering teams to embed SDLC security technical controls within cloud infrastructure, CI/CD pipelines, and application design.

• Coordinate incident response and root cause analysis for security events, ensuring timely containment and remediation.

• Manage vendor security reviews, due diligence, and ongoing third-party risk assessments.

• Lead internal security awareness and training programs to promote a security-conscious culture.

• Monitor and report on key security and risk indicators to leadership, including metrics on compliance posture and incident trends.

• Maintain security documentation, control inventories, and audit evidence.

• Collaborate with cross-functional stakeholders to ensure security requirements are incorporated into new and existing services, integrations, and workflows.

• Evaluate emerging threats, tools, and technologies to continuously improve security posture.

• Balance strategic risk management with hands-on technical oversight to protect data, infrastructure, and customer trust.

Salary $140 -165k annual salary plus bonus (based on experience and background)

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Skills and Requirements

Qualifications and Experience:

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field preferred.

• 5–7 years of experience in information security, governance, risk, and compliance, preferably within a SaaS or cloud-based environment.

• Strong understanding of information security frameworks (SOC 2, ISO 27001, NIST, CPRA).

• Hands-on experience with technical security operations, including cloud security (AWS, Azure, or GCP), identity and access management, and vulnerability management.

• Demonstrated ability to implement and validate security controls across application, infrastructure, and data layers.

• Experience leading or supporting third-party audits and compliance initiatives.

• Strong understanding of risk management methodologies, including threat modeling and risk quantification.

• Familiarity with information security tools deployable across the SDLC.

• Excellent communication skills with the ability to translate technical risks into business impacts.

• Proven ability to work autonomously in a growing organization as the primary security resource.

• Preferred certifications: CISSP, CISM, CISA, or equivalent.

• Experience collaborating cross-functionally with engineering, IT, and legal teams to operationalize security requirements.

• Knowledge of SaaS security best practices, including data protection, access control, and incident response planning.