SUMMARY
iFIT's vision is to create the world's most holistic health and fitness platform, integrating all elements of health - physical fitness, mental health, nutrition and active recovery - into a seamless interactive experience. We develop proprietary software that learns and adjusts to the habits of each person as it delivers immersive content that guides them on their own individual fitness journey.
We are currently seeking an ambitious pace-setter to join our team as a Senior Manager, Information Security, remotely.
The Senior Manager role is critical in strengthening our organization's cybersecurity posture, enhancing threat detection capabilities, and fostering a culture of continuous improvement in security practices. We seek a dedicated professional to lead our security operations and analytics to new heights.
ROLE COMMITMENTS
- Develop and implement a comprehensive security roadmap aligned with business objectives and compliance requirements.
- Define and report monthly security metrics to track security team impact and operational effectiveness, identify areas for improvement, and ensure timely follow-ups on vulnerabilities.
- Create a team competency matrix with well-defined roles and expectations to assist with their growth and development plans.
- Create a security incident response plan.
- Drive the cybersecurity awareness training (KnowBe4) and lead the company to a 95% completion rate for iFIT employees and 100% completion rate for contractors.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Security Strategy & Risk Management
- Conduct assessments of threats and vulnerabilities, prioritize security risks, and implement mitigation strategies.
- Monitor and evaluate emerging threats and vulnerabilities, providing proactive measures to mitigate risks.
- Support the external bug bounty program (HackerOne) in attracting ethical hackers to test our environment for vulnerabilities.
Team Leadership
- Lead and mentor a team dedicated to security operations and cybersecurity analytics.
- Foster a culture of accountability, high standards, innovation, and continuous improvement.
- Conduct regular team meetings and one-on-ones, set clear goals and expectations, and provide feedback to direct reports.
- Develop business cases to support cybersecurity initiatives.
- Define objectives and key results for the security team with specific goals and plans for projects, prioritize work, and allocate resources effectively.
Application Security and Advanced Threat Detection:
- Oversee application security by assessing and mitigating risks associated with software applications.
- Develop high-efficacy threat detection solutions using SIEM, UEBA, and similar tools.
Incident Response and Compliance:
- Create and lead the security incident response process, ensuring prompt and effective handling of security incidents.
- Ensure compliance with security frameworks and regulations, including NIST CSF, PCI DSS, SOC 2/Type 2, CCPA, GDPR, etc.
- Own IT policy annual reviews and updates.
- Manage and support the GRC Platform.
Budgeting and Cost Management:
- Develop business cases for new initiatives and manage budget planning for cybersecurity analytics services.
- Optimize service costs and manage expenses related to cybersecurity operations.
Education and Basic Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field or 5-7 years of experience in information security, with at least 5 years in a senior leadership role managing technical experts in security operations and threat detection.
- Proficiency in security technologies and tools, including SIEM, UEBA, IDS/IPS systems, EDR solutions, and cloud security.
- In-depth knowledge of industry-standard security frameworks such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI DSS, and SOC2 compliance.
- Strong project management skills, including managing budgets, timelines, and resources.
- Authorized to work in the United States without sponsorship.
Preferred Qualifications:
- Advanced certifications (e.g., CISSP, CISM, GSEC, GCIH, ITIL 4) are highly desirable.
- Excellent verbal and written communication skills, with the ability to articulate complex technical ideas in business terms.
- Strong negotiating, influencing, and problem-resolution skills.
- Proven ability to prioritize and execute tasks in high-pressure environments.