Information Security Manager

Bombas
New York City, NY Full Time
POSTED ON 11/22/2021 CLOSED ON 12/11/2021

What are the responsibilities and job description for the Information Security Manager position at Bombas?

Job Title: Information Security Manager

About Bombas:

Bombas is a comfort-focused apparel brand with a mission to help those in need. The company launched in 2013, after the founders learned that socks are the #1 most requested clothing item at homeless shelters. From there, they set out to solve that problem, donating a pair of socks for every pair they sell. How do you donate a lot of socks? You sell a lot. And how do you sell a lot? You make the most comfortable socks in the history of feet. Millions of pairs sold and donated later, Bombas is continuing to innovate with new socks and apparel while creating a positive impact on the community where we all work and live.

At Bombas, comfort is heavily rooted in our DNA. While striving to provide comfort for all, we welcome and celebrate minds from all backgrounds regardless of age, color, ethnicity, gender or gender identity, genetics, physical or mental ability, protected veteran status, race, religion and sexual orientation. We highly encourage candidates of all backgrounds to apply. Come as you are and we’ll welcome you to the Hive.

This role provides the opportunity to either work remotely within the Tri-state area or out of our Bombas HQ in New York City.

About the Job:

The IT & Information Security team at Bombas is responsible for the oversight and execution of “cloud-first” Information Security, Business Continuity and Risk Management programs to support the mission and business goals of our company. Our team's responsibilities include, but are not limited to, security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning, identity management, network security, privacy, and compliance.

We are looking for an Information Security Manager to join our growing team of nearly 200 employees and lead the charge of supporting our internal Information Security function as we continue to scale. As the Information Security Manager at Bombas, you’ll be joining a small but growing technology team, and will have direct input into the creation of foundational processes and systems that shape the future of our business. You’ll report directly to our Sr. Director of IT and Information Security and work closely with all employees to build the information security function at Bombas. 

The ideal candidate holds a BS in Information or Cyber Security and a CISSP or similar credential in Info or Cyber Security, and has 7 or more years of experience in information security operations, experience in IT operations, outstanding critical thinking and problem-solving ability, and a commitment to teamwork, and embraces a collaborative, fast-paced environment.

What you’ll be responsible for:

  • Building the company-wide information security compliance program, ensuring all Bombas business operations and activities, processes, and procedures meet defined risk and security requirements, policies and regulations
  • Developing and overseeing the technology change management process at Bombas
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation
  • Building and executing a strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, SOX, NIST and CIS
  • Work with our business partner organizations to manage risk and effectuate Bombas information security policies
  • Execution of vendor, infrastructure, M&A, and other security reviews as necessary
  • Execution of periodic user access reviews on critical systems and data
  • Ownership of the security awareness training platform and program across the Group
  • Serving as an escalation point for security alerts triaged by the Security Operations Center
  • Driving identification and reporting of vulnerabilities and associated remediation
  • Participation in security root cause analysis and forensics as part of the enterprise’s Cyber Incident Response Plan.
  • Participation in various programs and initiatives supporting the further implementation of the company’s Information Security Policies and Standards
  • Collection and presentation of key Information Security Metrics

What we’ll love about you:

  • You have a clear and demonstrable passion for information security and information technology
  • You are the kind of team member who makes everyone else on the team better
  • You love helping people solve problems
  • You are an outstanding critical thinker who always seeks out a better way to solve problems
  • You value feedback and continuous professional improvement
  • You proactively evaluate needs and risk, and are able to communicate and adapt your opinions to get new initiatives off the ground
  • You’re curious and show an interest in new and emerging technologies
  • You have excellent analytical and problem-solving skills, and can communicate your ideas clearly
  • You believe in our mission and understand the importance of giving back
  • You are inquisitive, love to learn, embrace failure, and never give up
  • You’re comfortable working in an open office environment while staying focused

What you’ll love about us:

  • We are a team of smart, interesting, diverse, funny, and loving people.
  • We offer competitive compensation, employer paid health, medical and dental benefits, 401k with match, paid parental leave, snacks, socks and a fun, relaxed office environment.
  • We take the responsibility to make sure you are excited, happy, and find fulfillment in your work very seriously.
  • We value fun. This is why we host office lunches, offsite team outings, and two annual company retreats.
  • We believe in giving back to the community and helping those in need, which is why we volunteer as a team regularly.
  • We believe success comes from the collective effort of all, which is why all full-time employees receive equity in the business.
  • We offer flexible paid time off for all full-time employees. This includes unlimited vacation, sick days, and wellness days because we understand the value of health, relaxation, spending time with friends and family, and traveling the world.
  • We believe a healthy body equals a healthy mind, so we offer a $100 monthly health and wellness reimbursement.

What you’ll bring:

  • 7 or more years of experience working in Information and Cyber Security and IT operations
  • At least 10 years of advanced IT operations and/or software engineering with a high level of information security experience and expertise
  • At least 5 years of planning and managing IT security projects
  • Bachelor's Degree is required
  • Ability to formulate a clear and actionable plan and execute against it
  • Possession of or ability to obtain professional certifications in Information Security or risk management, such as a CISSP, CEH, CISM or CRISC is preferred
  • Knowledge of information security risk management frameworks and compliance practices
  • Knowledge of securing software and network technologies and client and server operating systems.
  • Ability to develop security policy standards and guidelines based on best practices and industry standards
  • Experience responding to, analyzing, and communicating information security incidents
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
  • Understanding of common security standards and regulations relating to a direct-to-consumer and retail environment (e.g., PCI, CCPA, GDPR, SOX, COBIT, ITIL and CIS)
  • Experience operating within high-growth company environments

If you require reasonable accommodation in completing this application, interviewing, completing any employment testing, or otherwise participating in this hiring process, please direct your inquiries to our Director of Talent Acquisition at nick.sottile@bombas.com. Requests only related to accommodations will be responded to.
