IT Security Manager

Every day, we work together for what matters – bold, swift, and equitable climate action.

ABOUT THE ROLE

This is an exceptional career opportunity to bring your technical knowledge and expertise to 3Degrees! In this role you will be regarded as the subject matter expert and be a key contributor to ensuring that 3Degrees’s IT infrastructure’s ever-increasing security demands are met for both our global customers as well as our internal requirements. As the IT Security Manager, you will work closely with your fellow information system experts and your input will be invaluable towards informing our strategic, tactical, and IT operation plans including emerging IT security direction, policy, standards, and objectives.

This role may be located remotely, within the USA.  Additional consideration may be given to candidates located near our San Francisco or Portland, OR offices.

WHAT YOU’LL DO

• Design, implement, manage, administer, and test 3Degrees’ data security and systems

• Participate in developing corporate security and privacy policies, including policies for server builds, network device builds, patch management, event logging and monitoring, account audits, data handling roles & responsibilities, subcontractor vetting, cloud computing, etc.

• Serve as the company’s data security point of contact for 3Degrees business units, clients, and auditors

• Participate in development and implementation of disaster recovery and business continuity plans

• Perform security reviews for 3Degrees’ vendors

• Perform security evaluations for 3Degrees’ clients and auditors

• Manage annual corporate SOC 2 audit

• Work with our Systems team to configure company-wide tools for threat monitoring, DLP, IDS/IPS, and antivirus

• Monitor security logs and alerts

• Provide employee security advice and guidance, and administer required staff training

• Take point on security incidents

ABOUT YOU

You are an IS security expert with a strong understanding of industry security standards, tools, and resources.  You are customer-focused with the ability to partner with internal and external (client) stakeholders and a demonstrated expertise in privacy policies, to include policy development and relevant industry guidelines.

• 3-5 years relevant professional experience in the IS security segment. CISSP certification preferred

• Demonstrated expertise in the following areas/skills:

• IDS/IPS

• Penetration testing methods, including wireless pen testing

• Threat assessment

• Methods and technologies for encrypting data in transit and at rest

• Encryption key management/rotation

• Vulnerability scanning

• DLP

• DR/BC planning and testing

• TCP/IP networking and firewall configuration

• GDPR and CCPA regulations

• Familiarity with SOC 2 audits

• Documentation of incidents and policies

• Ability to explain complex technical concepts to all audiences

• Industry security standards such as NIST and ISO 27001

HOW WE DEFINE SUCCESS

Within 3 months

• You understand 3Degrees infrastructure, growth plans, and security posture
• You are able to make recommendations and provide input on security reviews and evaluations

Within 6 months

• You are familiar with the details of 3Degrees security and privacy policies, and are able to make recommendations on corporate policies and controls
• You are in sync with our systems team on patching and other security methodologies

Within 9 months

• In addition to the above, you are able to make recommendations on corporate planning
• You have developed materials and channels for corporate staff security communication, training, and advice

OUR COMMITMENT TO DIVERSITY, INCLUSION AND EQUITY

3Degrees is an equal opportunity employer. We are committed to creating an inclusive environment where different perspectives contribute to better solutions. 3Degrees welcomes people regardless of race, color, religion, national origin, gender, gender identity or gender expression, age, sex, pregnancy, marital status, ancestry, physical or mental disability, military or veteran status, sexual orientation, genetic information, or any other category protected by law.