Information Security Manager

Remote (USA)
IT & Cybersecurity

OneSignal is a Remote First Collaboration Company, offering Remote work as the default option across the United States. We offer in-office experiences in San Mateo, CA and New York, NY.

Our blog contains more information about the OneSignal Engineering career ladder, our remote-first culture, and our compensation model. Our salary bands are available on AngelList.

OneSignal is a quickly-growing company serving our clients and helping them reach their customers through our scalable notification systems. We support an ecosystem of tens of thousands of clients, sending over 10 billion messages each day.

We are hiring a Director of Information Security to spearhead our compliance efforts. Currently, we’re a relatively small engineering group. While we have strong security practices, as we take our next steps as an enterprise, we are working to achieve ISO-27001 and SSAE-21 (SOC 2, Type 2) compliance.

Initially, we need a leader to document our existing policies, work with our auditing firm to identify any practice gaps and help lead us through a SOC 2 Type 1, and then Type 2 audit.

After that initial work is complete, we’ll need a solid professional to help us maintain compliance going forward; to document our compliance initiatives over the year; to interact with sales prospects and existing customers about our compliance and security efforts, and to help train our internal engineering and other teams in best-in-class security practices.

You will work closely with our engineering teams to understand what we do now, and to help us ensure our new efforts work well within our security and compliance environments, and are properly documented for our ongoing audits.

In a typical month, the Information Security Manager might:

  • Interface with our auditors on ongoing tasks around ISO-27001 and SSAE-21 compliance
  • Write new policies to continue improving compliance efforts
  • Gather evidence of compliance for future auditing efforts
  • Coordinate with third-party intrusion detection vendors to test our application configuration for security.
  • Document our policies and compliance efforts internally to assist Sales Engineering
  • Help Sales Engineering answer prospects’ questions and compliance matrices
  • Talk to prospective clients about our compliance efforts
  • Review our compliance stance with existing customers

What you'll bring:

  • At least 3 years' experience working in security and compliance
  • Experience working with third parties on compliance and security
  • Knowledge of what is required for ISO-27001, SSAE-21, and GDPR compliance
  • Experience responding to customer and prospect vendor security requests
  • Understanding of the real-world security implications of compliance decisions, and recognition that compliance mandates require some interpretation

Preferred skills and experience:

  • CISSP certification a plus (though for the right candidate we will be willing to help you get certified)

Qualities we look for:

  • Friendliness and empathy
  • Modesty
  • Ability to collaborate well on a team
  • Can deliver solutions independently
  • Love of learning

In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on race, color, ancestry, national origin, religion, age, gender, marital or domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination or harassment based on "protected categories," we also strive to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place in our workplace.