Manager, Information Security

Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets, pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented, vetted community of security researchers to deliver continuous penetration testing and vulnerability management, with actionable results. Synack's PTaaS platform has uncovered more than 71,000 exploitable vulnerabilities to date, protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information, please visit www.synack.com.

We are looking for a talented Information Security Compliance Manager with deep expertise in ISO, SOC, CMMC and FedRAMP compliance. You will work closely with the Product, Engineering, and Operations teams to ensure proper security controls and monitoring are applied. Sounds interesting? Keep reading…

**Please note that due to federal government contract requirements, we can only hire a citizen of the United States into this role.

Here’s what you'll do

  • Maintain System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, and conduct Security Impact Analysis (SIA) on major system changes.
  • Develop and maintain automated Plans of Action and Milestones (POAMs).
  • Contribute to the adoption and implementation of automation and use of Artificial Intelligence (AI) within Synack's Information Security operations.
  • Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls.
  • Communicate regularly with stakeholders on security compliance issues aligning to CIS and NIST standards, track mitigation/remediation tasks, and assisting in generation of reports and metrics.
  • Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties.
  • Working with Project Managers and Software Engineers in a collaborative and enabling (non-obstructive) manner; Ensuring appropriate information security policies, standards, procedures, and guidelines are being incorporated across Synack hosted services and infrastructure, with a focus on hardening and adhering to DevSecOps principles.
  • Coordinate with the field teams to respond to vendor security assessments and conduct 3rd party risk assessments of Synack vendors.

Here’s what you’ll need

  • 8+ years of experience IT Security Strategy, Risk Management, IT Audit and Compliance with a Cloud Service Provider
  • Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools.
  • Experience with event monitoring and alerting tools such as Datadog, Stackdriver, and Azure Sentinel.
  • Experience with Cloud Native Application Protection Platforms (CNAPP).
  • Experience with leveraging security tools within the Software Development Lifecycle (SDLC).
  • Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, CMMC, FedRAMP, and NIST.
  • Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences.

Ready to join us?

Synack is committed to embracing diversity. Our people are our strength.  Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. Synack strives to be inclusive of all people. 

As a candidate, Synack cares about your privacy. Please view our candidate privacy policy here.

This role has responsibility for ensuring the privacy of data.

$140,000 - $169,000 Salary is determined by a combination of factors including location, level, relevant experience, and skills. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. The compensation package for this position may also include equity, and benefits.

For more details about our benefits, please see here. Then for the Employer code, enter: synack