Security Operations Officer

FullStack Labs is the fastest-growing software consultancy in the Americas. We help organizations like Uber, GoDaddy, MGM, Siemens, Stanford University, and the State of California, build distributed software development teams, and deliver transformational digital solutions. As an employee-first company, we focus on hiring the most talented software designers and developers in the western hemisphere, by creating a positive, respectful, and supportive work environment where they can achieve their greatest potential.

We’re most proud of:

- Offering life-changing career opportunities to talented software professionals across the Americas.
- Building highly-skilled software development teams for hundreds of the world’s greatest companies.
- Having delivered hundreds of successful custom software solutions, which have positively impacted the lives and careers of millions of users.
- Our 4.5-star rating on GlassDoor.
- Our client Net Promoter Score of 68, twice the industry average.

**The Position**:
We're looking to hire a professional who has deep experience with Security and Compliance for Software Services. Primary responsibilities will include:

- Develop internal company policies and controls and track compliance.
- Achieve certifications and pass audits for standards such as SOC 2, ISO 27001, HIPAA among others.
- Work with auditors to ensure certifications are properly achieved year over year.
- Report to management concerning the organization’s compliance with laws and regulations.
- Take action in dealing with noncompliance situations, creating realistic plans to overcome them.
- Conduct regular internal audits to identify potential weaknesses and noncompliance situations.
- Communicate with employees and make sure everyone is aware of what they need to do to comply with internal and external laws and regulations.
- Make sure the organization has a clearly defined program for complying with each country’s information security laws.
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Monitor, track and remediate security incidents, and incorporate the lessons learned into ongoing policies and standards, with the goal of preventing such incidents.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle for FSL’s clients.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
- Collaborate with Operations Team members to obtain and review comprehensive background checks of potential company personnel.
- Respond to client and prospective client inquiries regarding security policies and procedures.
- Work with the Logistics Team to ensure that company equipment meets applicable security safeguards.
- On-boarding and Off-boarding tasks for team members and clients.
- Overall improvement of company processes and procedures.

**What We're Looking For**:
Must-Have:

- Bachelor's degree in business, with IT audit or compliance experience, or computer science, with business and IT audit or compliance experience desired
- Knowledge and understanding of SOC-2, FISMA and NIST and information security standards
- Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley, ISO, HIPAA and PCI highly desired
- Minimum five years' experience conducting security control assessments or audits
- Minimum two years' experience developing or managing a security awareness program
- SOC-2 audit experience from a major professional services firm highly desired
- At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired
- Strong oral and written communication skills
- Ability to maintain security documentation and manuals
- Must have strong analytical and critical-thinking skills
- High-level of attention to detail and be a self-starter with ability to work independently, multi-task and adjust to shifting priorities

**Benefits**:

- Competitive Salary.
- Paid Time Off (vacation, sick leave, maternity and paternity leave, holidays).
- 100% remote work.
- The ability to work with leading startups and Fortune 500 companies.
- Health policy with Sura 100% for you and up to 4 primary family members.
- English Classes.
- Sodexo food card.
- Virtual company events each month.
- Ample opportunity for career advancement.
- Continuing education opportunitie