Senior Information Security Engineer - job 2 of 2

Based in Washington, D.C., Quorum is a fast-growing software company and is the leading provider of workflow software and information services for government affairs professionals across the corporations, non-profits, associations, and governmental end-markets. Quorum allows users to manage stakeholder engagement, launch grassroots advocacy campaigns, and track legislative activity at all levels of government, including federal, state and local.

Quorum provides mission-critical solutions to public affairs professionals for their work in Congress, all 50 state legislatures, major U.S. cities, the European Union, and 30+ countries around the globe. Quorum serves over 2,000 customers globally including over 50% of the Fortune 100, and has over 350 team members across the globe. The company recently acquired Capitol Canary, a market leader in grassroots advocacy software.

Our Information Security team plays a pivotal role in ensuring compliance, data privacy, and a robust security infrastructure that not only supports all our products but also empowers our entire organization to thrive and succeed. As a Senior Information Security Engineer, you will report to the Director of Operations Engineering and collaborate across all area of our organization, ensuring comprehensive security measures are implemented, ranging from infrastructure and systems to data protection and risk management.

What You'll Do

• First Week: You'll familiarize yourself with the organization's information security policies, procedures, and systems.
• First Month: You'll develop a comprehensive understanding of the organization's infrastructure, systems, and data flow. Conduct a thorough risk assessment to identify potential vulnerabilities and prioritize security measures accordingly.
• First Six Months: Conduct regular security audits and vulnerability assessments to identify and address any emerging threats or weaknesses. Continuously monitor and evaluate the effectiveness of implemented security controls and adjust as needed.
• First Year: Implement a robust security governance framework to ensure consistent and effective management of information security. Establish FedRAMP compliance and maintain current SOC and PCI security standards.

About You

• U.S. citizenship required
• At least 5 years' experience with Security and Compliance.
• Proficiency with Federal regulatory controls and program requirements for FedRAMP
• Knowledge of Security and Privacy Regulations (e.g., NIST 800 series, ISO, SOC2, PCI, CCPA, GDPR)
• Comprehensive understanding of significant data privacy standards such as CCPA and GDPR
• Experience with DevOps concepts, tooling, and software development
• You want to work in a fun environment where you can form real friendships with other professionals and where you have a strong sense of belonging at a growing startup.
• You're excited to pitch in where ever needed, from helping in recruiting to supporting customers.
• You are looking to join a dynamic team immediately.

About the Team

• We're very close as a team and invest not only in each others' skills and careers but also in building real relationships with one another: product development is a team sport and we believe that it's better (and more fun) to work on a team of people that you know well and care about.
• We develop and enforce information security policies, procedures, and guidelines to ensure compliance with industry regulations and standards.
• We design, implement, and maintain secure infrastructure, networks, and systems, ensuring the confidentiality, integrity, and availability of sensitive data..
• We establish and maintain an effective incident response plan, enabling swift and coordinated action in the event of a security incident to minimize impact and facilitate recovery.
• We assess the security practices of third-party vendors and manage relationships to ensure they meet the organization's security requirements.
• We conduct internal and external audits to evaluate the organization's compliance with industry regulations and standards, making necessary improvements to maintain a strong security posture.

Our Work Environment

• We are a hybrid team with flexible work options: work remotely or choose to come into our vibrant, sunlit space in our modern, open concept office in Washington DC.
• Our office building is located in the heart of downtown DC, easily accessible by metro, bus, and rideshares. It is also in close proximity to great restaurants, food trucks, shopping, and popular happy hour spots.
• Our team loves to spend time doing fun things outside of the office - both together and remote, which we call Quorum Fun events. Past Quorum Fun events have included apple picking, yoga, virtual art classes and wine tasting.

Do you want to learn what it's like to have a real impact at a fast-growing company that is changing the way the advocacy process works? If so, drop us a line. We'd love to talk to you!

Compensation Structure

• Base Salary: $120,000.00 – $160,000.00 (commensurate with experience)

Benefits

• Flexible Time Off Policy
• Paid Company holidays plus additional company-wide days off for team members to rest and recharge
• Four Day Weekends for President's Day, Memorial Day, Fourth of July and Labor Day
• Free Subscription to the Calm app
• Invest in Yourself Days - one designated day per quarter is dedicated to your professional development!
• Monthly professional development stipend
• One-time Work from Home Stipend
• 401k match
• Choice of trans-inclusive medical, dental, and vision insurance plan options
• Access to the CIGNA Ginger App to provide behavioral health coaching, therapy, psychiatry and self-care resources
• Virtual and in-person team events
• Bright sunlit open office concept with your own dedicated desk (if you want it)
• Inclusion & Diversity Affinity Groups to support belonging
• 12 weeks paid parental leave

For any questions regarding any open roles on our team, please reach out to recruiting@quorum.us.

We comply with all requirements for US government federal contractors issued by the OFCCP, IFR, and the terms of our government contracts.