Overview

ScheduleOnce is an innovative and thriving software-as-a-service company that provides a feature-rich scheduling platform to businesses.

As a SaaS company, we operate virtually and globally. We see no reason to constrain ourselves to a physical office. A virtual operating model allows us to hire the best talent, no matter where they reside. It elevates the level of employee productivity and satisfaction, which correlates directly with our customers’ satisfaction.

We are looking for a Security and Compliance Manager to lead our security and compliance efforts and support our rapid growth within the Enterprise market. Candidates should have the potential to serve as ScheduleOnce’s top authority on all security and compliance matters.

Please note:
– ScheduleOnce operates virtually and all employees work remotely from home.
– Urgent security and privacy incidents may require out-of-hours responses, including nights and weekends.

Roles and responsibilities:
– Ensure compliance with security and privacy frameworks (PCI, HIPAA, GDPR, etc.)
– Define security policies and controls in line with SOC2, ISO27001 and NIST standards
– Suggest and implement continuous improvements to ScheduleOnce security through an ongoing risk management process
– Manage security of production and QA environments
– Manage IT and security of employee devices across a geographically distributed team
– Develop and deliver training and security awareness programs to employees
– Provide an information security perspective on compliance with client agreements
– Develop security policies and standards and ensure they are implemented and followed
– Ongoing monitoring of the company’s security and compliance health on all fronts
– Act as a subject matter expert on security and privacy throughout the product development lifecycle
– Define and manage the company’s security and compliance roadmap

Requirements:

– 2 years of experience in a technical or security role
– Information security certification is an advantage (CISSP or CISM)
– Experience with security and privacy frameworks (SOC2, ISO27001, HIPAA, PCI, NIST, CSA, EU Privacy Shield)
– Experience writing professional requirements and policy documents
– Experience with cyber security concepts, protocols, processes, architectures and tools
– Excellent written and verbal English communication skills (Native)
– Hands-on, fast learner, good teamwork skills and highly motivated
– Knowledge of Information Security/Risk Management best practices
– Understanding of business and technical risk, how to translate between the two and communicate to various levels of technical and business stakeholders