Cyber Program Lead at Jellyvision
Jellyvision’s headquarters is in Chicago, and, post-COVID, many of us will be returning to the Chicago offices (by choice, not requirement -- our philosophy is “Flexible First”). But this position is also eligible for work by a remote employee out of CA, FL, GA, IL, KY, MA, MI, MN, NY, NC, OH, OR, PA, TX, UT, WA, or WI.
What we do
We’re the proud parents of ALEX®, an interactive employee communications platform that makes choosing (and using) employee benefits easier and more enjoyable. Our credo is a simple one: be helpful. And we think the best way to achieve that is with a staff that reflects the vast range of ideas, perspectives, and experiences of the millions of people who use our products.
Who we are
Jellyvision is committed to continuous evolution and to fostering a more diverse and inclusive workplace where everyone is welcomed, valued, and respected. It doesn’t matter your race, ethnicity, religion, sexual orientation, age, marital status, disability, gender identity, sex, or country of origin...we just want amazing people who are willing to grow along with us.How you'll help
As a Cyber Program Lead you will be working within our Information Security team to ensure Jellyvision continues our commitment in securing and protecting information of our customers and users. This position will report to our Director of Information Security and you will lead and support and improve our compliance activities as it relates to SOC/SSAE 16 and HIPAA, while also focusing on further technical deployment of our information security tools and best practices.What you'll do
- Lead Jellyvision security compliance projects and audits (e.g. SOC 2, ISO 27001, ISO 27018, PCI-DSS, HIPAA).
- Provides security experience and industry best practices, policy, and data protection & assurance requirements.
- Work in a small, tight knit cross-functional team of Engineering, IT, and HR to ensure security and compliance across the organization.
- Identify, document, and communicate security and compliance risks within our new and growing SaaS features and SDLC process
- Coordinate cyber security awareness and phishing training.
- Perform security assessments, risk assessments, application scanning, and vulnerability scans as well as manage subsequent remediation.
- Triage security alerts with speed, collaboration, and accuracy, partnering with IT, Security, and other stakeholders for fast resolution
- 5+ years experience as security analyst, and familiarity of cloud computing security and products.
- Passion for information security and learning.
- Strong understanding of information security tools and concepts (firewalls, proxies, SIEM, EDR, IDPS, PoLP, threat management, etc.)
- Familiarity with cloud-based computing platforms and related technologies (AWS strongly desirable.)
- Experience deploying resources using CI/CD tools such as GitLab or Jenkins
- Experience with monitoring, logging, and setting up alerts using SumoLogic and AWS Services
- Experience with industry and regulatory frameworks like NIST, SOC, PCI, ISO, CCPA, GDPR etc.
- Strong collaboration skills and a demonstrated ability to approach technical and business solutions in a consultative manner.
- Excellent verbal and written communication skills.
- Strong organizational and project management skills.
Nice To Haves (while not requirements)
- Security certifications are not required but are always a plus
- Experience working with PII, PHI, HIPAA, CCPA, and Healthcare sensitive data
- Experience with working with AWS
- Entrepreneurial and innovative
- Balances stakeholders
- Drives results
- Manages ambiguity
- Manages complexity
- Plans and aligns
- Strategic mindset
- Tech savvy
Thanks for your interest in Jellyvision!