Offer summary

Qualifications:

Solid foundation in security and compliance concepts., Familiarity with audit frameworks like SOC 2, ISO27001, and NIST CyberSecurity Framework., Ability to collaborate with both business and technical stakeholders., Experience with security training or certifications such as CISSP or CISA is a plus..

Key responsibilities:

Improve internal processes within the Security team focusing on Governance, Risk, and Compliance.

Respond to customer security inquiries and conduct security assessments of vendors.

Document and automate security and compliance policies and standards.

Oversee the internal Security Awareness Training program and conduct phishing simulations.

Job description

Description

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes has grown beyond malware remediation to ensuring cyberprotection for every one, providing device protection, privacy, and prevention solutions in the home, on-the-go, at work, or on campus. With threat hunters and innovators across the world, we want great people, like YOU, to join our team!

Who We Need

We're on the lookout for a motivated security professional ready to tackle the challenge of enhancing security at a security company. Join our small but growing team and bring your expertise to the table. We're seeking a security and compliance superstar who can elevate our GRC and other security processes and tools to new heights.

What You’ll Do

Apply your experience to improve internal processes within our Security team, focusing on Governance, Risk, and Compliance. Collaborate with teams across engineering, product management, research, threat intelligence, support, IT, finance, legal, and other corporate functions.
Respond to customer security questionnaires and address security and compliance inquiries from customers and partners.
Conduct security assessments to evaluate the risk and security practices of Malwarebytes vendors and partners.
Work with team members to document, improve, and automate security and compliance policies, standards, and controls.
Deliver security-focused internal communications and newsletters.
Oversee the internal Security Awareness Training program, including onboarding, annual, and role-specific training.
Conduct periodic company-wide and targeted phishing simulations.

Skills You’ll Need to Have

A solid foundation in security and compliance, and the ability to apply these concepts to business problems.
Familiarity with audit frameworks such as SOC 2, COBIT/COSO, ISO27001, PCI DSS, HIPAA, CSA, and NIST CyberSecurity Framework.
Ability to work with business and technical stakeholders to develop and improve organizational controls.
Passionate about process improvements, documentation, and automation.
Aid and encourage those around you to understand and identify risks.
Understand the value of your team having measurable success.
Ability to work collaboratively with geographically distributed teams.

Nice to Have Skills:

Experience with Security Operations best practices, including Incident Response and Vulnerability Management.
Experience working at a security product company.
Understanding of cloud technologies and infrastructure.
Experience with agile scrum processes, DevOps, and Continuous Delivery.
Current or former security training or certifications such as CISSP, CISA, CISM, SANS GPEN, CEH, or similar are a plus.

What We Offer

An opportunity to do something great for yourself and the world
A great work environment that supports growth and development
Competitive compensation and benefit packages
401(k) matching program
Open time off policy
A company who enjoys having fun; holiday and summer parties and lots of other great stuff

Applicants have rights under the Federal Employment Laws: