
Security Manager

SpotHero is seeking a security manager who will leave a lasting mark on SpotHero for many years to come. We need someone to build out a security program for both production applications (web and mobile) and corporate cloud-based IT. This is a player/coach position: we're looking for someone technically senior in the SecOps space who is comfortable leading initiatives, change management, and a small team.


Who we are:

At SpotHero, we work as a team to empower people to get everywhere, easier! We're rapidly growing with the mission of bringing the parking industry into the future through technology. Drivers across North America use the SpotHero mobile app or website to reserve convenient, affordable parking in advance, on-the-go or through their connected cars, and parking companies rely on us to help them reach new customers while optimizing their business. We connect the dots with cutting-edge technology, delivering value to both sides of this exciting, evolving marketplace. We've been quite busy; take a peek at some of our recent announcements.


What you will do:

  • Build a security program for our product application and corresponding infrastructure (AWS, Kubernetes, Docker).
  • Drive SecOps and DevSecOps methodologies across all of engineering.
  • Build an education program for foundational understanding of common exploits (e.g., OWASP Top 10).
  • Organize and lead the various testing approaches for periodic assessment of our application's security (e.g., annual penetration testing with an external vendor, periodic vulnerability scans, etc.).
  • Identify, manage, and escalate, as appropriate, risks, issues, and roadblocks to timely delivery.
  • Own our established bug bounty program, and work with engineering teams to confirm and resolve reported issues.
  • Work with Corporate IT to build a security program that encompasses our corporate assets (e.g., endpoints), workspace tools (e.g., Gmail, Google Drive, Jira, Atlassian, etc.) and office network infrastructure.
  • Work with Corporate IT to build and drive security education to all employees, especially around phishing, data privacy, and PII.
  • Own the process for reviewing potential vendor security practices (i.e., TPRM) and responding to prospective partnership security questionnaires.
  • Create pragmatic documentation for the security policies and practices that are in place or that you put into place.
  • Conduct internal audits for information security, governance, and compliance best practices.
  • Perform forensics and root cause analysis of incidents.
  • Work with key stakeholders to efficiently and effectively remediate roadmap or product team blockers.
  • Provide tactical oversight to ensure IAM platforms and services remain fully operational, up to date, and consistently monitored.
  • Manage vendor engagements and oversee execution of statements of work.

What you bring:

  • 5+ years of experience in security operations, with 1 - 2 of those managing people (not required).
  • Deep understanding of cybersecurity with an emphasis on the facets that relate to our corporate assets and product application and infrastructure.
  • Exceptional communication skills, and the ability to influence without having direct authority. Building strong relationships enables driving results.
  • A strong background in application security, although you may be more focussed on strategy these days.
  • A player/coach approach. Hands on keyboard is a must. This likely means you can program (or write scripts), know how to set up the appropriate tools, and can still ethically hack.
  • Belief in automation when possible, and knowledge of how to do it.

Nice to have:

  • 2+ years managing people - a strong PLUS!
  • You likely have some security certifications, such as CISSP, OSCP, etc.

Steps to apply: Please include any GitHub account, LinkedIn profile, and any project that you're particularly proud of. We love seeing work that others loved working on.


What we offer

  • Career game changer – a truly unique experience to work for a fast-growing startup in a role with unlimited potential for growth.
  • Competitive benefits –
    • In the US: we cover up to 95% of Medical Premiums, 50% of Dental and Vision Premiums, company sponsored Life Insurance, 401K + company match, and generous parental leave.
    • In Canada: we offer Medical (prescription drug and paramedical coverage), Dental, Vision, Life Insurance, STD and LTD.
  • Flexible, unlimited PTO policy and supportive work/life balance – we value and support every Hero on the team, and create space for life!
  • Annual parking stipend (duh, we help people park!)
  • The opportunity to collaborate with creative, innovative, and passionate people in a casual, yet highly productive, atmosphere.
  • Our award-winning culture has received recognition from Built In's 2021 Moxie Awards, as a 2021 Best Places to Work in Chicago, Top Company Culture by Entrepreneur, 2022 Best Places to Work in Chicago by BuiltIn, and recipients of the Best Company Culture, Best Company for Women, and Best Company for Diversity awards from Comparably!

At SpotHero, we Respect Fellow Drivers by providing an inclusive interview experience for everyone, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. Please let our team know of your need when you apply or as you begin interviewing with our team.


SpotHero is an equal opportunity employer. We know that a diverse workforce is the strongest workforce, and are committed to building and supporting an inclusive environment for all.


Additionally, because we want to Remember to Signal, if you choose to provide us personal information in connection with a job application, please review our Applicant Privacy Notice which provides details about what information we collect and process about you in order to consider your candidacy.


PLEASE NOTE: This position is ineligible for visa sponsorship. To be considered for this role, you must be legally authorized to work in the US or Canada and not require sponsorship for employment now or in the future.

CEO of SpotHero
Mark Lawrence

We’re on a mission to empower people to get everywhere, easier! By designing better ways to find, reserve and pay for parking, we make life easier, our cities more accessible, and our world more connected.

DATE POSTED
August 5, 2023