IT Security Technical Manager

About Jotform

Jotform is a San Francisco-based SaaS company with more than 35 million users worldwide. We are thriving and growing, and we’ve never needed outside funding. That’s because we like keeping things agile, independent, and fun. Jotform believes everyone should be able to create their own online forms. Our 10,000+ ready-made form templates, 100+ integrations, and more than 380 widgets have made us one of the most popular online form builders for organizations of all sizes — from small businesses to enterprises.

Role Summary

This position is a HANDS ON TECHNICAL POSITION in which the ideal candidate will be able to function from not only a process and planning perspective but also be a key contributor to security architecture and technology decisions. This role will be responsible for the design, development, and implementation of new and innovative solutions to protect the Confidentiality, Integrity, and Availability of Jotform owned/ managed information assets.

This is a full time, fully on-site position based out of our Vancouver, Canada office.

Here’s what you will be doing:

• Ensure compliance with regulatory requirements and oversee incident response related to security, availability, and data privacy within the Jotform platform which is used by more than 35 million people worldwide. Maintain adherence to industry standards for a SaaS company while applying hands-on expertise in these areas
• Proactively identify and remediate security vulnerabilities across systems architecture, development processes, and security practices, keeping cybersecurity visible as an organizational priority.
• Independently triage and analyze potential security threats, take immediate action, and collaborate with technical teams to remediate issues.
• Detail out the security incident response program for business continuity, disaster recovery, and incident response plans
• Continuously review technology proposals for security and privacy controls and recommend adjustments
• Develop, publish, and maintain comprehensive information security standards, policies, procedures, and guidelines for our website in line with industry standards and best practices
• Mentor a team of global security engineers
• Continuously educate our global DevOps Engineer and Developer teams on security awareness, arming them with the knowledge necessary to speak to our security confidently
• Respond to client due-diligence requests for information security
• Perform other miscellaneous duties as assigned

Education /Work Experience /Technical Requirements:

• Engineering degree from an accredited institution
• Minimum 10 years of hands-on security experience in architecting, engineering, or administering SaaS solutions
• An understanding of agile software development and secure software development lifecycles
• In-depth knowledge of securing web applications and applicable laws and regulations like PCI-DSS, SOC 2, and HIPAA in a fast paced regulated work environment
• Professional Certification for one of the following GSEC/CISA/CISM/CISSP/CSCS/CEH or equivalents or willingness to obtain one within 8 months of the date of hire
• Solid knowledge in network security, authentication protocols, cryptography and network security principles
• Proficiency in analyzing security logs, including but not limited to application logs, server logs, and network traffic, to detect suspicious activities
• Preferred experience with Node.js, Docker, and Elasticsearch. Knowledge of securing these technologies and maintaining a secure infrastructure is a must
• Hands-on experience with database management systems
• Experience with software development workflows and coding principles

OUR PROCESS

We’ll review your application along with all the others we receive and pick the top profiles for a screening call. In many cases due to time constraints and our candidate volume, only the short-listed candidates are contacted but we do consider each application carefully.If you have been selected as a short-listed candidate, we will contact you for a short screening call to get to know you better. If you don’t get a call, please don’t be disappointed! We receive many applications for each role and have to prioritize who we speak to.

We thank all applicants in advance for their interest and taking the time to apply for this position at Jotform!

Jotform is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Jotform values your privacy. You can find more information regarding our applicant privacy notice here: https://www.jotform.com/job-applicant-privacy/