Information Security Manager/Sr. Manager

Who You Are:
You will lead Polly’s Information Security function to secure, maintain and grow a world-class mortgage technology services and technology ecosystem for our customers. You are looking for a unique opportunity to shape and grow Polly’s security culture. Your 5+ years of enterprise information security and cloud technology experience has prepared you to successfully develop, enhance and oversee all information security operations activities. 
Your expert-level skills in access management in a cloud computing environment, vulnerability scanning, third-party risk assessment, SIEM management, business continuity or disaster recovery makes you the perfect fit for this role. Leading security strategy, direction and cross functional security teams comes naturally to you. Overall, you are a dynamic professional who is excited to make an impact across the organization to keep Polly secure and compliant with industry best practices and regulations. 
Does this sound like you? If so, apply today and let’s start the conversation!

What You’ll Do:

• Perform annual SOC2 compliance, penetration tests, and BCP/DR scenarios
• Own, develop, implement, and report to the Board of Directors on the short and long term security strategy and goals in alignment with Polly’s business objectives and culture
• Conduct in-depth security reviews and risk assessments of core corporate and production infrastructure to identify gaps, come up with recommendations, and implement proposed solutions
• Evolve Polly’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents
• Respond to security audits and security assessment requests
• Maintain awareness of current and emerging threats, specifically those within the financial services sector, to ensure cloud environments are properly secured, monitored and documented
• Oversee management of information security tools, contracts, documentation, policies and processes to ensure an operating environment that is sound, sustainable and compliant with company policies and requirements
• Assess and identify security controls for sensitive and regulated data, and refine and oversee Polly’s compliance programs aligned with SOC2
• Resolve security resource requirements including budget, staff, training needs and prioritization
• Ensure the appropriate development and delivery of end user security awareness training, effective reporting, as well as performance metrics; executes on security metric reporting to ensure business and senior leadership have a proper view of current security state and risks
• Define requirements and lead on evaluating and analyzing existing and new technology, platforms and applications to anticipate potential security gaps and concerns
• Own all documentation, process, and training surrounding Polly’s business continuity and disaster recovery abilities

What You Have:

• 5+ years of enterprise information security or relevant technology experience, including with cloud technologies; B2B and SAAS preferred
• Ability to communicate information security requirements to non-technical security stakeholders
• Deep understanding of risk management principles and strong understanding of incident management and security operations
• Expert-level experience in at least some of the following areas: access management in a cloud computing environment, vulnerability scanning, third-party risk assessment, SIEM management, business continuity or disaster recovery
• Familiarity of regulatory requirements such as GLBA and CCPA and frameworks such as NIST and ISO 27002

Why Join Polly:

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Remote environment

Let’s get to know each other.
Polly is transforming the mortgage industry with its modern, data-driven capital markets ecosystem. Banks, credit unions, and mortgage lenders nationwide trust Polly’s revolutionary Product and Pricing Engine (PPE), Loan Trading Exchange, and actionable data and analytics to automate and optimize the entire capital markets value chain, helping their secondary teams operate faster, smarter, and more profitably. Polly was founded in 2019 by a seasoned team of technology and mortgage experts and is headquartered in San Francisco, California. 
To learn more, follow Polly on LinkedIn or visit www.polly.io.  
Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Beware of recruitment scams impersonating Polly brand or employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@pollyex.com.  We care deeply about this network and your experience.