Senior Manager, Information Security

Information Technology San Francisco, California


Description

 
Every day, we work together for what matters – bold, swift, and equitable climate action. 

ABOUT THE ROLE

At 3Degrees, we're seeking an experienced Information Security professional to join our dynamic and growing team. In this role, you will be critical to safeguarding our organization, particularly as we transition to a new trading system and data warehouse. You will be responsible for developing and implementing a comprehensive cybersecurity strategy, managing a team of security professionals, and mitigating risks to our systems and data.
You'll bring your deep technical expertise, your strong understanding of cybersecurity, and your experience in addressing critical gaps to lead the team in developing and implementing a comprehensive cybersecurity strategy aligned with the organization's business objectives. 
This is a full-time, exempt role reporting to our Chief Product & Technology Officer. It is open to candidates ideally based in the San Francisco Bay Area, but exceptional candidates based in other time zones may be considered. In addition, you agree to travel periodically to a 3Degrees office for training or team collaboration and to conferences as required. Frequency and cadence vary, but on average travel occurs 1-6 times annually. Remote workers agree that their home office provides a comfortable and productive environment that enables success as a “remote” employee.

Please Note: 3Degrees does not provide sponsorship and/or relocation assistance; therefore, pre-existing right-to-work status is a prerequisite to be considered for this position.


WHAT YOU’LL DO

  • Strategic Leadership: Develop and execute a long-term cybersecurity strategy aligned with the organization's business objectives, with a particular focus on securing our new trading system and data warehouse, collaboration platforms, and customer-facing web applications.
  • Risk Management and Audits: Conduct and report out on regular risk assessments, identify vulnerabilities, and implement effective security controls. Lead regulatory security audits and assessments to ensure the organization's security posture is optimally derisked.
  • Incident Response: Lead incident response efforts, including investigation, containment, eradication, and recovery, particularly in the event of a breach affecting the new trading system or data warehouse.
  • Regulatory Compliance: Ensure compliance with industry regulations and standards, such as SOC, ISO, GDPR, CCPA, and HIPAA, especially as they relate to the new trading system and data warehouse.
  • Team Management: Lead and mentor a high-performing security team, with a focus on building expertise in securing complex systems like our new trading system and data warehouse, while fostering a culture of innovation and continuous improvement.
  • Technology Evaluation and Implementation: Evaluate and implement new security technologies, including AI-powered solutions, to protect the new trading system and data warehouse.
  • Policy and Procedure Development: Create and maintain security policies and procedures, ensuring they are tailored to the specific security needs of the new trading system and data warehouse.
  • Training and Best Practices: Support the development and delivery of training sessions for employees on security best practices, focusing on phishing prevention, password management, and compliance.


ABOUT YOU
You are a seasoned cybersecurity professional with hands-on security experience in high-impact environments, ideally supporting global enterprises. You have a security-first mindset, ensuring our infrastructure is fortified and security threats are proactively managed. You thrive in a fast-paced, constantly evolving environment. You come equipped with real-world expertise where you have learned from both successes and challenges in the field. We believe that an individual with the following experience will have the best opportunity for success in this role:
  • Hands-On Leadership: 10+ years of experience in leadership roles developing and successfully implementing cybersecurity strategies, with a strong focus on hands-on technical work, preferably in organizations undergoing significant digital transformations, such as the implementation of new trading systems, data warehouses, SaaS-based ERP and collaboration platforms, multiple web applications, etc.
  • Technical Expertise: Deep understanding of and experience in cybersecurity best practices and frameworks (NIST, CIS, ISO 27001, SOC2), network security (NGFWs), endpoint security (including VDI), penetration testing and software composition analysis (e.g., Black Duck), identity and access management, data security (DLP), and security operations tools (SIEM/SOC and cloud-based security platforms).
  • Hands-On Experience: Proven experience in managing and leading security teams, as well as hands-on involvement in incident response, security assessments, and compliance audits, including GDPR compliance. Strong troubleshooting skills for both network and endpoint security issues across Windows and Mac environments.
  • Communication and Interpersonal Skills: Excellent communication and interpersonal skills to effectively collaborate with technical and non-technical teams, both in-person and remotely; strong presentation skills.
  • Problem-Solving and Analytical Skills: Strong problem-solving and analytical skills to identify, triage and address security risks, especially in complex, distributed environments.
  • Industry Experience: Experience with data security, privacy, and compliance, particularly in the financial services industry, including experience with GDPR and other relevant regulations.
  • Education: Advanced degree in computer science, information security, or a related field, or equivalent experience.
  • Additional Skills: Experience developing and implementing cybersecurity training programs, and experience supporting remote teams across multiple time zones.

HOW WE DEFINE SUCCESS
Within 30 Days:
  • Onboard into the organization and familiarize yourself with the company's current security landscape, with a particular focus on the new trading system and data warehouse.
  • Establish relationships with key stakeholders, including IT, engineering, and business leaders, to understand their specific security needs related to the new systems.
  • Begin assessing the security posture of the new trading system, data warehouse and customer-facing web applications, identifying security risks and vulnerabilities.
  • Develop a plan for addressing immediate security risks and vulnerabilities related to the new systems.
Within 90 Days:
  • Complete a comprehensive security assessment and risk analysis, with a specific focus on the new trading system, data warehouse and customer-facing web applications.
  • Develop and begin implementing a roadmap for improving the overall security posture of the organization.
  • Hire and onboard key security team members with expertise in securing complex systems like trading platforms and data warehouses.
  • Lead the incident response to any security incident, especially if it involves the new trading system, data warehouse or loss, or other security breach.
Within 6 Months:
  • Implement a robust cybersecurity awareness program for employees, with a specific focus on the security of trading, ERP, collaboration and data systems; develop new policies where warranted.
  • Deploy new security technologies to enhance the organization's security posture, particularly for the new systems.
  • Conduct a successful security audit, with a specific focus on the new trading system and data warehouse; reflect your findings and respective plans in the bi-annual technical risk review.
  • Establish a strong security culture within the organization, emphasizing the importance of protecting the new systems; leverage technologies to enforce company policies.
Within 1 Year:
  • Successfully lead a major security initiative, such as a roll-out of a broad DLP strategy covering a data warehouse, collaboration tools, etc., or a penetration testing strategy focused on web applications.
  • Achieve significant reductions in security incidents, particularly those affecting the new systems, and establish and track KPIs that demonstrate an improvement in the company’s security posture.
  • Continue to drive and evolve the long-term security strategy that aligns with the company's business objectives and ensures the ongoing security of the new systems.

COMPENSATION & BENEFITS

The following compensation and benefits information is based on 3Degrees’ good faith estimate as of the date of publication and may be modified in the future:

  • Compensation: The starting base salary for this position is $172,000-$197,000 in the US. Total compensation for a successful candidate will substantially exceed the base pay as it includes significant incentive compensation. Base pay is dependent upon many factors such as location, transferable or job-related skills, work experience, relevant training, business needs, and market demands. The base salary range is subject to change and may be modified in the future.
  • Benefits: This position is eligible for a benefits package that includes medical, dental, vision, 401k, flexible paid time off, and more. Additional information regarding the benefits available for this position can be found here.
  • Supplemental Pay: This position may be eligible to participate in discretionary bonus programs based on personal, department and company goals.


OUR COMMITMENT TO DIVERSITY, INCLUSION AND EQUITY
 
3Degrees is an equal opportunity employer. We are committed to creating an inclusive environment where different perspectives contribute to better solutions. 3Degrees welcomes people regardless of race, color, religion, national origin, gender, gender identity or gender expression, age, sex, pregnancy, marital status, ancestry, disability, military or veteran status, sexual orientation, genetic information, or any other category protected by law.
