Senior Information Security Manager

About the team

Beautiful.ai is changing the way the world presents by building fast, foolproof tools that enable anyone to tell visual stories that win. We are looking for a dynamic and talented Senior Information Security Manager to join us in our pursuit!

The Beautiful.ai team is a playful, driven, and passionate group of pet-lovers, video-gamers, and pickleball enthusiasts. With a globally-distributed remote team and a San Francisco-based office, we find unique opportunities to get to know each other personally, while delivering on our goals. Data-driven decision making and an outcomes-focused mindset are core to our way of working.

About the role

As a Senior Information Security Manager at Beautiful.ai, you will work with our Security and Engineering teams to secure corporate security assets and infrastructure supporting the Beautiful.ai product and service. Our Information Security program is being established and built as we go - with this comes a high level of autonomy and the opportunity to be seen as a true subject matter expert

What you’ll do

• You will own the internal audit function and manage the annual SOC2 Type 2, PCI-DSS, CCPA, and GDPR programs.
• You will own the third-party security questionnaires (using HyperComply) & respond to security sections on Request for Proposals (RFP), manage and streamline audit procedures, review security contract clauses and perform vendor assessments from our customers.
• Organize and track known security issues and their remediation across the enterprise risk register. A basic understanding of application and infrastructure security is required, enough to communicate the issues to our Engineers, and to understand their response.
• Become our security champion by leading internal security awareness and training programs. You can develop and deliver the training in a way that you will find appropriate.
• Review phishing alerts and tweak the Google Workspace tenant to filter out common spam campaigns.
• Manage the EDR/NGAV system; triage alerts and prioritize remediations as needed.

What we expect from you

• Prior experience with vendor management, audit processes, security questionnaires, and the contracting process.
• Familiarity with cloud concepts and technologies such as VPCs, Security Groups, Cloud Logging, Cloud Security Posture Management, Load Balancing, and TLS - Google Cloud experience is a plus.
• Prior experience with triaging and responding to various security alerts such as phishing and EDR/malware.
• A degree of flexibility and initiative is required to work in a startup where roles and responsibilities are relatively fluid over time. Being flexible and adaptable is a must

You are an ideal candidate if:

• You have experience with compliance frameworks such as SOC 2, ISO 27001, GDPR, etc.
• You have experience and knowledge of cloud space (GCP, AWS, Azure)
• You have an IT background including system administration skills, especially with GSuite, GCP, AD environments, along with MDM such as Jamf or Intune.

Benefits

• 100% Medical/Dental/Vision insurance covered for the employee / 60%-65% covered for dependents
• FSA and Commuter Benefits
• Life / AD&D and Disability Coverage
• Competitive Equity with a 4 year vesting schedule
• Parental leave for birthing or non-birthing parents
• Comprehensive 401K program
• Open vacation policy and a fully remote work policy