ZERØ is looking for an Information Security Manager to help protect and secure the next-generation algorithms and software that automate business processes for some of the largest and most successful law firms in the world. The Information Security Manager will collaborate with internal and external stakeholders to maintain enterprise IT compliance, information security, and data privacy standards. Along with an internal focus, this role also has an external-facing component: assisting with the execution and tracking of audits and risk assessments. This individual will collaborate with other business functions in the development and revision of standard IT operating procedures, business process workflows, narratives and work instructions that will be the basis for periodic audits as required by the business.
ZERØ is a fast-growing technology company headquartered in Silicon Valley. We help make lawyers' lives better by automating time-consuming administrative tasks and allowing them to focus on the things that matter. ZERØ is constantly innovating on ways to help people increase productivity through automation, starting with email management and time capture. Our mission is to apply artificial intelligence and smart automation to the most pressing operational challenges. Because we have such a small team, you'll be owning huge ideas from the start. Meanwhile, you'll join talented teammates to create something that helps professionals reduce their cognitive load.
- Design, implement and manage enterprise information cybersecurity, compliance, and data privacy programs (e.g. strategies, policies, procedures, controls, and supporting systems) to ensure IT alignment with business operations and adherence to local, federal and industry regulations
- Identify, evaluate and assess IT risks, perform gap assessments, and ensure that ZERØ information assets and infrastructure are properly secured and protected
- Lead high-visibility IT projects, vendor assessments, compliance audits, and drafting/updating of IT policies and compliance documentation
- Manage relationships with vendors, consultants, and auditors, across cybersecurity, IT compliance, and data privacy areas
- Play an active role in the completion of, and associated remediation activities for, SOX, GDPR, CCPA, and cybersecurity assessments. Assist in the preparation and dissemination of supporting evidence for audits
- Manage corporate information security systems including firewalls, intrusion detection, and cryptography
- Monitor and analyze information security logs and alerts generated by security, server, storage, and network devices, databases, and applications (including cloud), and automate monitoring, notification, and reporting
- Develop and maintain IT cybersecurity, compliance and data privacy documentation for the business
- Educate employees on cybersecurity and data privacy through training and periodic audits on the secure use of IT services
- Bachelor's degree in information technology, computer science, or related discipline
- 5+ years of IT, information security, compliance, or similar experience, MUST have previous experience in banking or similar industry
- 1-3 years of management experience (preferred)
- Professional security certification(s) such as CISSP, CISM, CISA, CEH, GSEC strongly preferred
- Proficient in risk, business impact, control, and vulnerability assessments and defining mitigation strategies
- Public cloud experience (AWS or MS Azure) highly desired
- Deep knowledge and understanding of information technology (infrastructure and applications) security awareness, incident investigation and remediation