Cybersecurity Risk Manager

About Harry’s 

Harry’s Inc. is building a modern CPG company by putting people first and delivering against real unmet consumer needs.
The company’s flagship brand - Harry’s -  was founded by Jeff Raider and Andy Katz-Mayfield in 2013. After successfully launching and scaling Harry’s, Jeff and Andy saw an opportunity to bring their experience building Harry’s to other CPG categories where the consumer has also been historically underserved.
Harry’s Inc. has grown significantly over the last ten years, and is now made up of four brands -  Harry’s, Flamingo, Lume, Mando -  and Harry’s Labs, the company’s incubation and M&A engine. The company employs more than 900 people across the U.S., U.K. and Germany, and is the largest CPG company built in the last 20 years.
At Harry’s Inc, our mission is to Create Things People Like More — whether it's a product, an experience, or an internal tool, we believe in making the things around us better for our customers, and our team.
Our mission extends beyond customers and team, to the community broadly. We believe that the best business models make a positive impact. So, we set aside 1% of sales across Harry’s, Flamingo, and Lume to support our social mission, including through donations to our nonprofit partners.
At the end of the day, the key to our success is our amazing people. From chemists, mechanical engineers, CX associates, to creative directors, sourcing managers, and logistics specialists, the Harry’s team is composed of some of the most brilliant, diverse, and humble people you’ll ever meet. Our company is a place of inclusion, innovation, and deeply ingrained values.

The Harry's Inc working model is in-office Tuesday, Wednesday, and Thursday. Our beautiful 70,000 square foot SoHo office is decked out with bagels on Wednesdays and lunch on Thursdays, and fully stocked kitchens with snacks, coffee, and drinks everyday.  Can’t forget the free products and the opportunity to have some meetings without Zoom!

Job Summary:

The Cybersecurity Risk Manager is responsible for identifying, assessing, and mitigating risks associated with information security. This role involves analyzing and evaluating the organization's information security posture, conducting risk assessments, and recommending security measures to protect against potential threats. The ideal candidate will have a strong understanding of cybersecurity principles, risk management frameworks, and compliance requirements.

Key Responsibilities:

1. Risk Assessment and Management:
• Conduct comprehensive risk assessments to identify vulnerabilities and threats to the organization's information assets.
• Evaluate the potential impact and likelihood of identified risks.
• Develop and maintain risk registers and documentation.
• Recommend and implement risk mitigation strategies.
2. Security Policies and Procedures:
• Develop, review, and update information security policies, procedures, and guidelines.
• Ensure compliance with industry standards, regulations, and best practices.
• Collaborate with other departments to integrate security policies into organizational processes.
3. Threat and Vulnerability Management:
• Monitor and analyze security threats and vulnerabilities using various tools and techniques.
• Conduct regular vulnerability assessments and penetration testing.
• Coordinate response efforts for security incidents and breaches.

1. Compliance and Audit:
• Assist in ensuring compliance with relevant regulations (e.g., GDPR, HIPAA, PCI-DSS) and standards (e.g., ISO 27001, NIST).
• Prepare for and support internal and external audits.
• Implement and manage security controls to meet compliance requirements.
• Assist with GRC tracking across the organization.
2. Security Awareness and Training:
• Assist with delivery of security awareness training programs for employees.
• Promote a culture of security awareness within the organization.
3. Reporting and Communication:
• Prepare security posture reports for Director of Cybersecurity
• Develop reports and evaluate the results of the vendor assessments
4. Continuous Improvement:
• Stay updated with the latest cybersecurity trends, threats, and technologies.
• Recommend and implement improvements to the organization’s cybersecurity posture.

Qualifications:

• Education:
• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Experience:
• Minimum of 3-5 years of experience in cybersecurity, risk management, or a related field.
• Proven experience in conducting risk assessments and vulnerability assessments.
• Skills:
• Strong understanding of cybersecurity principles, risk management frameworks (e.g., NIST, ISO 27001), and regulatory requirements.
• Proficiency with security tools and technologies (e.g., SIEM, IDS/IPS, vulnerability scanners).
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills.

Working Conditions:

• Hybrid Onsite work schedule
• This position may require occasional travel.
• Ability to work in a fast-paced and dynamic environment.
• Availability for on-call duty in case of security incidents

Benefits and perks

• Medical, dental, and vision coverage
• 401k match
• Equity in Harry’s 
• Flexible time off and working hours
• Wellness and L&D stipends
• 4 weeks sabbatical after 5 years, 6 weeks after 10 years, and 8 weeks after 15 years 
• Up to 20 weeks of pregnancy leave and up to 16 weeks of parental leave
• Fun IRL and virtual events including happy hours, team building events, and parties on our rooftop
• Free products from all of our brands

Harry’s is committed to bringing together individuals from different backgrounds and perspectives. We strive to create an inclusive environment where everyone can thrive, feel a sense of belonging, and do great work together.

Harry’s is an Equal Opportunity Employer, providing equal employment and advancement opportunities to all individuals. We recruit, hire and promote into all job levels the most qualified applicants without regard to race, color, creed, national origin, religion, sex (including pregnancy, childbirth and related medical conditions), parental status, age, disability, genetic information, citizenship status, veteran status, gender identity or expression, transgender status, sexual orientation, marital, family or partnership status, political affiliation or activities, military service, domestic violence victim status, arrest/conviction record, sexual or reproductive health decisions, caregiver status, credit history immigration status, unemployment status, traits historically associated with race, including but not limited to hair texture and protective hairstyles or any other status protected under applicable federal, state and local laws. Harry’s commitment to providing equal employment opportunities extends to all aspects of employment, including job assignment, compensation, discipline and access to benefits and training.

We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our company.

We can’t quantify all of the intangible things we think you’ll love about working at Harry’s, like the exciting challenges we tackle, the smart and humble team you’ll get to work with, and our supportive and inclusive culture. That said, our salary ranges are based on paying competitively for our size and industry, and are one part of our total rewards package, which also includes a comprehensive set of benefits and our equity program. The base salary hiring range for this position is $120,400-$165,550, but the final compensation offer will ultimately be based on the candidate’s location, skill level and experience.