FarEye - Manager - Information Security

Manager-Information Security

Who We Are:

FarEye is a low-code, Intelligent Delivery Management Platform, that makes the delivery experience better for everyone. Our low code/ no-code SaaS platform helps shippers and carriers to do deliveries at reduced cost and high customer experience. With 20+ Gartner mentions, FarEye is empowering more than 150 enterprises across 30 plus countries to win in this customer-centric era with exceptional delivery experience and efficient operations.

- Forbes; FarEye is on track to be a Unicorn in 2022.

- Great Place to Work; 3 years in a row.

- Deloitte; Amongst Top 25 companies based on our revenue growth (for 4 consecutive years).

Position Overview:

- As an IT Security & Risk Lead/Manager, you will be responsible for protecting IT infrastructure (including networks, hardware and software) from a range of security threats, ensuring the organization is compliant with latest standards, our products are secure and data safe.

- The focus areas will be ISMS, IAM, GDPR, SOC and anything related to privacy and information security which can impact the organization adversely.

Responsibilities:

- You will perform the following activities in this role:

- Keep up to date with the latest security and technology developments

- Research/evaluate emerging IT security threats, ways to manage them and communicate with internal and external stakeholders about the same proactively

- Plan for disaster recovery scenarios and create contingency plans in the event of any security breaches

- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity

- Evaluate external products the organization is procuring for security vulnerabilities

- Design new security systems or upgrade existing ones in the workplace

- Engage in 'ethical hacking', for example, simulating security breaches and identify potential weaknesses and implement measures, such as firewalls and encryption

- Investigate security alerts and provide incident response

- Liaise with stakeholders in relation to IT security issues and provide future recommendations

- Maintain an information security risk register and assist with internal and external audits relating to information security

- Assist with the creation, maintenance and delivery of IT security awareness training for colleagues

- Monitor and respond to 'phishing' emails and 'pharming' activity and give advice and guidance to staff on issues such as spam and unwanted or malicious emails

- Product Security; Work with developers and architects to ensure security is appropriately built into the software development cycle and DevOps pipeline

- Product Security; Ensure appropriate internal testing of applications prior to deployment, either driven by self or via a external vendor

Functional Areas:

- Your work will be split in the following areas:

- Consulting; Offering advisory services to clients and internal leaders

- Sales Enablement; Collaborate with our Sales Team to create collaterals which help us win!

- Strategy; To keep our organization ahead of potential threats. Create vision document and execute it with our Engineering team

- Security Operations; Working to protect the security of the organization on a daily basis by observing, evaluating threats and taking necessary actions which mitigate any risk

Span of control:

You will interact with/influence the following stakeholders within and outside FarEye:

- Existing and Prospective customers

- FarEye Senior Leadership Team/Executive Leadership Team

- FarEye Internal teams

- FarEye Engineering & Product Leaders and Managers

- Vendors (Compliance/Audits)

Educational Requirements:

- Bachelor's or Master's Degree in Engineering in CS, IT or related field. Preference to individuals with relevant degrees or certifications in the field of IT Security

- 8 to 12 years of progressive IT solutions, compliance, regulatory experience and roles of increasing responsibility

- Demonstrated success in a leadership role in IT Security space, with at least 3 years in a managerial role or above

Techno-Functional Requirements:

- Expertise in IT development, integration, delivery, and maintenance

- Hands on knowledge of Penetration/Hardening preferred

- Hands on knowledge of Cloud Security preferred

- Ability to create a team around himself/herself

- Ability to create organization strategy

- Ability to interact and influence existing and prospective customers

- Understanding of security requirements for Sarbanes-Oxley, ISO Certifications, Data Privacy laws, and PCI. Cyber security, including strategy creation

- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies

- Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and vendors

- Excellent written, verbal communication and presentation skills.

- Ability to effectively adapt to rapidly changing technology and apply it to business need