Under the direction of the CTO, this individual is responsible for leading
Information Security, IT Infrastructure, and Client Diligence Requests, and for
spearheading the InfoSec portions of certifications such as SOC2 and ISO 27001.
The right person will be an advocate for the security needs of our
organization and will be responsible for both the development and
implementation of a comprehensive security and resiliency strategy to mitigate
outside threats and secure our assets. You will also be the go-to when our
enterprise clients want diligence for our information security practices.
You will ensure business alignment with executive team members and will
anticipate the IT needs of our business. In this role, you will be leading IT
Infrastructure, Security, and client Due Diligence requests as well as
projects for improving our business.
We are a Mac-heavy environment with both Microsoft and Apple machines
distributed primarily around three office locations with some remote employees
as well. We make heavy use of Rippling for monitoring and device management –
expect to administer the Rippling system as well as develop new automation
within the platform.
Join us in contributing to the creation and delivery of a high-value
enterprise IT operations program across Fortress.
Responsibilities
Ensure compliance with our Information Security program; build guidelines,
policies, standards, and regulations.
Create, develop, maintain, and ensure adherence to policies and procedures
related to IT security/privacy and systems resiliency.
Create, manage, and oversee an information risk management program with
appropriate risk assessment processes and business associate oversight.
Create, develop, and oversee resiliency, system downtime, disaster
recovery, and business continuity programs, processes, and technology.
In partnership with legal and compliance departments, establish a shared
vision with employees including providing regular updates on the status of
the Information Security Program to executives.
Create exceptional customer relations and maintain relationships through
continuous improvement efforts.
Establish appropriate metrics to track improvement of the security
posture.
Oversee the dissemination and implementation of cybersecurity policies,
standards, best practices, and education to technical personnel with
privileged access.
Construct and direct strategic roadmap of IT infrastructure, security, and
service delivery operations by developing goals and objectives, policies,
procedures, and processes as needed.
Partner closely with leadership to ensure close alignment and support for
any technical, security, or privacy aspects of contracts, systems, and
related information security needs.
Conduct research and provide updates on industry trends, standards, and
practices.
Create a risk-based process for vendor risk management.
Maintain a current understanding of the cyber threat landscape, building
and maintaining a system resiliency enterprise function through training
people, building processes, and implementing new technologies.
Qualifications
Bachelor's degree in Computer Science, Information Systems Management, or
related field.
6+ years of related experience.
Technical knowledge of different types of networking, applications, and
operating systems.
Strong attention to detail.
Excellent interpersonal skills and professional demeanor.
Excellent verbal and written communication skills.
Bonus
One or more of the following professional certifications: CCISO, CISSP,
CISM, CGEIT, SANS/GIAC, CHISL, CBCP, BCM, ABCP.
Experience as an IT project manager.
Disaster Recovery and Business Continuity oversight experience.
We Offer:
Highly competitive compensation packages.
Comprehensive benefits, including 100% paid medical insurance coverage for
you and your dependents.
Unlimited PTO.
Professional growth and development.
401k.