Manager of Information Security and Compliance

Manager Of Information Security & Compliance

Company Overview iboss is a cloud security company that enables the modern workforce to connect securely and directly to all applications from wherever they work. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, RBI, CASB and data loss prevention to all connections via the cloud, instantaneously and at scale. This eliminates the need for traditional network security appliances, which are ineffective at protecting a cloud-first and mobile world. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 500 companies.

Job Description The Manager of Information Security & Compliance is a key leadership role responsible for overseeing security operations and regulatory compliance initiatives. This role requires deep expertise in technology, risk management, and IT security principles, with a strong focus on protecting information systems and data. The Director of Information Security & Compliance will develop and implement security policies and align organizational practices with industry frameworks such as ISO 27001, ISO 9001, SOC 1/2, Cyber Essentials, and FedRAMP to ensure continuous monitoring of security controls and incident response readiness. In addition to managing internal security policies, this role will be the primary point of contact for client assessments and external audit engagements, ensuring all compliance obligations are met and supporting key security programs, including contingency planning, configuration management, security awareness, client assurance, and change management. Maintaining detailed documentation of security events, policy updates, and risk management activities will be essential for driving compliance and operational transparency. A strong ability to communicate complex security concepts through well-structured documentation is critical. The ideal candidate will assist stakeholders in drafting and refining comprehensive policy documents, ensuring they align with regulatory requirements. Additionally, they will oversee system audits, leveraging automated tools and established processes to maintain compliance. A thorough understanding of security technologies and control objectives is pivotal in supporting the organization's security posture. Further responsibilities include managing configuration and change control processes, tracking system modifications, and overseeing the Change Management Board. The director will also monitor software usage, maintain an accurate inventory of system components, and protect the Configuration Management Plan from unauthorized changes. Additionally, they will drive security awareness efforts, coordinate third-party audit engagements, and oversee regulatory reporting for government compliance programs. This role requires a proactive, detail-oriented leader who can balance long-term security strategy with day-to-day operational needs. By fostering a culture of risk awareness and compliance, the Manager of Information Security & Compliance will play a crucial role in maintaining the integrity, confidentiality, and availability of the organization's systems and data.

Responsibilities

• Lead the GRC team, ensuring alignment with organizational security and compliance objectives.
• Support internal information security audit activities and serve as the primary interface with external auditors and third-party assessors.
• Collaborate with departmental stakeholders to align policies and procedures with industry security frameworks, including SOC 2, ISO 27001, ISO 9001, FedRAMP and others.
• Establish and track long-term milestones for compliance activities, planning a year or more in advance.
• Demonstrate strong written communication skills for policy articulation, documentation, and reporting.
• Maintain detailed records of events, tasks, and timelines during incident response and bridge calls involving multiple teams.
• Manage long-term compliance obligations independently, without requiring direct oversight.
• Oversee and execute security or technology projects as needed, ensuring successful delivery within scope and timeline.
• Coordinate with technical teams to conduct annual contingency exercises, including disaster recovery tests and business continuity procedures.
• Apply best practices in risk management to assess, mitigate, and monitor security and compliance risks effectively.

Qualifications

• 4-year college degree or related experience
• 5 - 10 years' experience in technology with a security focus
• Network, secure application design or systems design experience
• CISSP, CISA, CISM or similar industry certification preferred
• Professional communicator and comfortable speaking to internal shareholders and executives
• Possess a strong work ethic and team player mentality
• Highly developed sense of integrity
• Strong detail orientation and listening skills
• Strong decision making and analytical abilities
• US Citizen

Benefits

• Health, Vision, Dental - open to domestic partners
• 401K with company match
• Unlimited Paid Time Off (PTO)
• Company-paid holidays

The duties and responsibilities described above are essential functions of the job. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a veteran, or an individual with a disability. *This position is not eligible for sponsorship of work visas