Security Program Manager
Lever is hiring our first Security Program Manager to partner with our growing security and IT team. In this brand-new role you’ll be responsible for adapting, improving and scaling the Information Security functions during a period of significant growth (and beyond) for the company.
Reporting to our Director of Security & IT, you’ll bring your experience to build effective security practices and protocols while optimizing for efficiency and quality. You’ll identify and predict risks and remediation processes related to cyber security and you'll partner with each team to empower them to keep customer data safe.
You'll also collaborate with the Director of Security & IT to prepare recommendations for our internal Information Security Steering Committee while being an internal resource for Lever employees. You’ll develop our security processes, protocols, and ongoing compliance while being the point person for advising the company on all things security.
As the newest leader on the IT team, you will have the ability to start this function from scratch. You will be working closely with the Director of Security and IT to shape how work gets done securely as Lever continues to scale its workforce aggressively.
We’re looking for someone with a builder mindset: someone who is confident in managing day-to-day operations, excels at creating essential risk analysis and reporting, and is passionate about serving as an expert resource to Lever. You will focus on all facets of Lever’s security risks and the processes to monitor, remediate and respond to them. You’ll develop your management skills defining, building, and rolling out appropriate security best practices for Lever while becoming an expert in cyber security compliance activities. We never lose sight of our highest priority: ensuring that all Lever customer and company data is secure and available. These goals drive all that we do, and we’re excited to bring someone on board who will creatively build the perfect mix of secure and efficient systems. We know that the work you will do will have a transformative impact on both every contributor at Lever and every customer.
Lever is building an internal IT and Security team from the ground up and we want your help. We know what we need to accomplish and we’ll look to you to execute and collaborate with your team to get us there.
The team is close-knit and composed of the Director of Security and IT, an IT manager, and you. We really enjoy collaborating together but aren’t strangers to diving into our own projects in order to serve the broader Lever team effectively. We are helpers by nature and are looking for someone to join the team with a helping mentality while also keeping us protected, compliant, and safe.
THE SKILL SET
- 6+ years supporting businesses in a technology/security capacity
- Ability to tease out business needs to architect effective technology
- Strong knowledge of and demonstrated experience with industry-standard security frameworks and benchmarks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Center for Internet Security (CIS) Critical Controls, Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPAA)
- Mastery of designing and implementing network intrusion detection systems
- A true generalist with knowledge of multiple realms of security (Audit, Compliance, Incident Response, Forensics) and a subject matter expert in at least 2
WITHIN 1 MONTH, YOU'LL:
- Complete Lever’s new-hire training week (a.k.a. Ramp Camp), and learn what it means to build a powerful recruiting platform.
- Complete your starter project: Review and improve Lever’s security training materials and author improvements.
- Create your own impact plan. This will serve as your onboarding plan and will help you and your manager understand your impact and progress to goals.
- Establish weekly one-on-one meetings with our Director of Security and IT.
- Establish regular meetings with our infrastructure team to inform security and risk remediation processes.
- Establish a cadence for meeting with our Customer Success team to gain insights about how customer data is handled.
WITHIN 3 MONTHS, YOU'LL:
- Pair with our Director of Security and IT to draft technology security policies and extend or update the current policies. Develop a standard practice for messaging policy changes to affected internal stakeholders.
- Advise and collaborate with the Manager of IT on an audit of user credentials.
- Advise and collaborate with the Manager of IT on a plan to audit software and hosted services used by Lever.
- Organize documentation so administrators may understand the design and state of all internal technology resources.
- Deliver a project plan to optimize the existing user account life-cycle management process and implement a centralized directory (Okta + LDAP).
- Establish a roadmap for adoption of a recognized security framework for modern IT governance.
- Produce a plan for the rollout of network intrusion detection systems for company networks.
WITHIN 6 MONTHS, YOU'LL:
- Collaborate with the Director of Security & IT to complete a Security roadmap that includes strategy for ongoing compliance processes and automating or streamlining how evidence is created and gathered. Define a timeline for expanding SOC 2 examination to additional Trust Service Principles, such as Availability.
- Work with our product, engineering, support teams and other stakeholders to complete our 2019 SOC 2 audit, our 2019 penetration test, and definition of controls for new and existing SOC Trust Service Principles.
- Define and execute processes and protocols for ongoing compliance with EEO, OFCCP, GDPR, and any other applicable regulations.
- Identify the organizational security skills gap and build a roadmap for remedial training.
- Establish a detailed timeline for building the core of the security framework.
- Attend at least one relevant, high-level security conference as a representative of Lever.
WITHIN 12 MONTHS, YOU'LL:
- Educate and empower all Lever employees to develop more secure habits and better individual security judgement. Work with the Director of Security & IT to come up with ways to measure progress.
- Develop a pedagogy for annual security training and assessments for all Lever employees.
- Have implemented the core of security frameworks for Lever's administrative activities after having worked cross-functionally with all stakeholders.
- Create a timeline for achieving functioning advanced aspects of the security framework (Identify, Protect, Detect, Respond, Recover).
THE LEVER STORY
Lever builds modern recruiting software for teams to source, interview, and hire top talent. Our team strives to set a new bar for enterprise software with modern, well-designed, real-time apps. We participated in Y Combinator in summer 2012, and since then have raised $73 million. As the applicant tracking system of choice for Netflix, Eventbrite, ClearSlide, change.org, and thousands more leading companies, Lever means you hire the best by hiring together.
We are proud to be an equal opportunity workplace committed to building a team culture that celebrates diversity and inclusion. Take an inside look into life at Lever.