IT Security Manager at Rubris

While we are a fully-remote company, we are accepting candidates who reside and work daily within 2 hours of Eastern Time

As an IT Security Manager at Rubris, you will play a critical role as a subject matter expert responsible for our information security, compliance, and risk management function and programs. This role focuses on CMMC, NIST, and SOC 2 compliance, security policy development, vulnerability monitoring, incident remediation support, vendor risk management, and employee security awareness.

Our Company
Rubris Inc. provides transformational legal technology and solutions for complex business and legal processes in the mass tort industry. Our data solutions streamline and automate processes to improve efficiency while delivering unprecedented insights and analytics.

Key Responsibilities
Security Compliance and Certification
• Manage certification frameworks, including CMMC, NIST, and SOC 2
• Assist the Company to successfully achieve compliance with applicable security certifications
• Develop, track, and maintain security and compliance policy documents
• Build and maintain controls documentation aligned with multiple compliance frameworks and standards
• Ensure ongoing compliance with the Company’s information security policies and procedures and ensure controls are implemented

Risk Management and Security Standards
• Develop IT security standards, best-practice implementations, and systems to ensure enterprise information system security
• Identify acceptable levels of risk and establish roles and responsibilities for information classification and protection
• Maintain security policies and procedures
• Evaluate risk and develop security standards, procedures, and controls with a mindset of continuous process improvement

Vulnerability Management & Incident Support
• Analyze and review system configurations for security vulnerabilities
• Monitor Company security vulnerabilities
• Assist with remediation of escalated incident tickets and review completed tickets for accuracy and sufficiency

Vendor Security and Technology Coordination
• Conduct vendor security assessments and support the Company’s vendor management program
• Coordinate security and compliance technology development requests
• Coordinate with external IT service providers on security and compliance matters, including device configuration, application management, and security updates

Governance, Reporting and Leadership Communication
• Attend Security Committee meetings and draft meeting minutes
• Coordinate Security Committee meetings and maintain records of activities
• Communicate cybersecurity risks to senior management through reports, presentations, metrics, and documentation

Security Training & Awareness
• Conduct security awareness training and assist with publishing security bulletins and advisories
• Design and conduct testing of data security controls, including simulated events and phishing exercises
• Provide security guidance and training to Company employees
• Provide security guidance for IT projects, including evaluation and recommendation of technical controls

What you bring
• Bachelor's degree or equivalent and 5-8 years of experience in IT security, information security, or cybersecurity required
• Previous experiencing managing this function within a fully remote company preferable
• Ability to work independently and with a self-directed mindset of ownership of this function is critical to success
• Hands-on experience with CMMC, NIST, and/or SOC 2 compliance
• Experience developing and maintaining security policies, procedures, and controls documentation
• Knowledge of risk assessment, vulnerability management, and incident response support
• Ability to communicate security risks and requirements to technical and non-technical stakeholders

What we offer
• 100% remote work (MacBook Pro provided)
• Fully paid premiums for employee medical, dental, and vision insurance
• Annual paid time off (PTO) plus 11 paid holidays
• 401(k) plan with employer contribution that is 100% vested
• Opportunities to advance, develop, and make an impact as part of a growing company

Our Rubris Core Values
We value the importance of connecting, collaborating, and celebrating while committing to a mindset of joint ownership of outcomes guided by our core values:
• Shift your perspectives: Ideas are developed by understanding different viewpoints
• Be generous: We have better experiences and achieve more when kindness and generosity are abundant
• Love what you do: Wake up each morning excited to learn new skills, incubate ideas, and tackle fresh challenges
• Be true to your word: We take our commitments to clients and each other seriously
• Build strong relationships: Take the time to build strong relationships with colleagues and clients - our technology is built and used by humans

Rubris believes in creating an environment of inclusion and belonging. We advance the most talented individuals regardless of their race, sexual orientation, religion, age, gender, disability status or any other dimension of diversity. The success of our team members drives the success of our business and promoting a culture in which every team member feels respected and supported creates a workplace in which we all can accomplish our goals. Please alert your recruiter if you require an accommodation during the hiring process.