Information Security Manager

Gloo was founded as a mission-driven organization with the goal to release the passion in every person to Champion the growth of another so they can be all they were born to be.

Today, organizations of all sizes in the addiction recovery and faith space use Gloo’s products to become more informed, better connected, and fully equipped to overcome their greatest challenges and achieve powerful outcomes, helping people progress through their personal growth journeys.

By building a common platform, we are creating a shared infrastructure that removes friction, promotes collaboration, and equips leaders with the right tools to galvanize personal growth and change lives. We are a fast-moving and passionate team that is looking for more talented professionals who are driven to make a positive impact. 

The Opportunity:

Within the Trust team, you’ll take on the role of owner and implementer of Gloo’s Information Security function, including information security strategy and governance, program development and management, operations, information security risk management, and incident management. You’ll implement the Gloo Information Security Program through partnership with and influence into the Gloo product and engineering organization. Serving on the front-line, you understand information security while also having an appreciation for balancing business value and partnering with our business teams (including but not limited to: product, engineering, marketing, support, finance). 

The Team:

In this role you’ll collaborate effectively with the balance of the Trust Team (privacy, trust operations, compliance, legal). Gloo’s Trust program must meet and exceed the expectations of Gloo’s champions and the community we serve. Our business and ability to serve our champions is dependent upon the trust we develop and you are central to that core value proposition.

What You’ll Be Doing: 

• Information security governance: ensure alignment with organizational needs; incorporate legal/regulatory/contractual requirements; design organizational structures/roles/responsibilities
• Information security strategy development: develop and continually evaluate strategy based on SOC 2 framework and NIST-Cybersecurity framework; strategic planning for security initiatives (budgets, resources, business case)
• Information security program management: control implementation and integration; control testing and evaluation; program communications and reporting to leadership; work with product and engineering teams to embed “information security by design” into the product development process; define security requirements for supported IaaS and PaaS solutions; ensure engineering completes policy- and control-mandated periodic tasks
• Information security risk assessment and response: continually evaluate emerging risk and threat landscape; vulnerability and control deficiency analysis; general security risk identification and analysis; product-level and HIPAA security rule risk assessments; recommend risk treatment/reduction/acceptance/response options; risk and control ownership; risk monitoring; remediate gaps (often cross-functional); reporting to leadership
• Incident management readiness: participate in development of and updates to incident-readiness plans (IRP, BCP, BIA, DR); lead tabletops
• Incident management operations: participate in configuration design and alert response for monitoring and logging tools; lead incident investigation/evaluation; incident containment; incident response communications (reporting, notification, escalation); incident eradication and recovery; post-incident review

Requirements

What We’re Looking For: 

• 6+ years experience in Information Security at a technology company, with preference for experience leading the program.
• Preference for BS in information security, computer science, or related discipline.
• Strong ability to motivate others, build business cases, respond to debate, and influence without authority.
• Acute knowledge of information security requirements and frameworks (with preference for SOC 2, NIST, HIPAA security rule).
• Technical expertise in information security requirement implementation on infrastructure and security automation tools and platforms.
• Strong communication skills with the ability to share knowledge and encourage others to embrace Trust programs.
• Strong attention to detail and project management skills: ability to drive projects from beginning to closure with auditable documentation.
• A trust mindset with a business sense: understand the cost-benefit of implementation.
• Information security domain expertise demonstrated by coursework, experience, or certifications like CISM, CISSP, C-CISO.
• Ability to travel to Boulder, Colorado 2-3 times per year for up to 5 days at a time for company and/or team on-site meetings.
• Comfortable working in an iOS, Slack, Google Workspace environment.

Compensation: $135,000 - $180,000

Benefits

Our Team Members Enjoy:

• Compensation and bonus commensurate with experience
• Remote work capability
• Plenty of time off to keep you balanced
• Medical benefits with multiple plan offerings, HSA contribution, and Dental and Vision plans
• A dynamic, talented team, dedicated to changing the world and building an incredible business
• Onsite and virtual social events to keep us connected in our hybrid work environment
• Beautiful office space in downtown Boulder on Pearl Street, steps from coffee shops and blocks from hiking trails

Applications will be accepted until the position is filled.