Information Security Manager / Compliance
Remote job
- Remote-first
- Website
- @wallarm 𝕏
- GitHub
- Search
Wallarm Inc.
Wallarm automates real-time application protection and security testing for APIs, apps, and microservices and APIs across multi-cloud and K8s environments.Short facts about us:
We are a global remote-first team of 100+ people on 4 continents and in 10+ countries.
We have been protecting our clients since 2016.
The company has raised over $10M in investments.
More than 200 customers around the world, including Fortune 500, Nasdaq, and high-growth startups choose Wallarm to protect their API and web applications.
The company passed Y Combinator, the most prestigious incubator in Silicon Valley, from which Dropbox, Stripe, Docker, etc. came out.
Our product:
Wallarm API security solutions provide proven performance to support innovative companies serving millions of users and billions of API requests per month. Hundreds of Security and DevOps teams globally use Wallarm daily to:
Discover. See every asset across your entire attack surface—from cloud environments to every API endpoint with auto-discovery capabilities.
Protect. A single suite that goes beyond OWASP Top 10 for full coverage for API specific threats, account takeover, malicious bots, L7 DDoS, and more.
Respond. Streamline incident response with complete visibility, smart triggers, and active threat verification.
Test. Automate security testing of your APIs and web assets. Prioritize remediation for every asset, in every environment.
The role:
We are looking for an Information Security Manager to lead and enhance our internal security and compliance strategy. You will be responsible for improving our security posture, maintaining existing certifications such as SOC2, and obtaining PCI DSS and FedRAMP compliance. This role is crucial in ensuring that our security infrastructure meets the highest industry standards while fostering a strong security culture across the company.
In this role you will:
Develop and implement security and compliance strategies to align with industry best practices.
Maintain and enhance our SOC2 certification, ensuring continuous compliance with security controls.
Lead initiatives to achieve and maintain PCI DSS and FedRAMP compliance, including documentation, audits, and process improvements.
Oversee the company’s security infrastructure, including cloud security, endpoint protection, identity and access management (IAM), and incident response.
Conduct risk assessments, vulnerability management, and threat analysis to mitigate security risks proactively.
Lead the Security Operations Center (SOC) and collaborate with DevOps teams to ensure effective security monitoring and incident response.
Implement security awareness training programs to educate employees on best security practices.
Work with legal, compliance, and regulatory teams to ensure adherence to industry regulations.
Lead third-party security assessments and manage security relationships with vendors and partners.
Establish and track key security metrics to measure and improve security performance.
Stay up to date with emerging security threats, vulnerabilities, and regulatory requirements.
Requirements
Required qualifications:
7+ years of experience in cybersecurity, risk management, and compliance.
Deep understanding of SOC2, PCI DSS, and/or FedRAMP compliance requirements.
Strong knowledge of cloud security (AWS, GCP, Azure), IAM, endpoint security, and network security principles.
Experience leading security audits, risk assessments, and vulnerability management programs.
Expertise in incident response, security monitoring, and threat intelligence.
Strong technical background in security engineering, DevSecOps, and security automation.
Excellent leadership, communication, and stakeholder management skills.
Ability to work cross-functionally with engineering, legal, compliance, and executive teams.
Preferred qualifications:
Hands-on experience with FedRAMP.
Experience working in high-growth tech startups or SaaS environments.
Hands-on experience with security tools and platforms such as SIEM, IDS/IPS, WAF, and endpoint security solutions.
Knowledge of API security, penetration testing, and security best practices for microservices.
Experience in developing and implementing security policies and governance frameworks.
What we offer:
Ability to work on a product that makes the Internet safer
Completely remote work and flexible working hours
Competitive salary and bonuses
Paid days off
Medical insurance
Working equipment
Professional development and career growth
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Audits Automation AWS Azure Cloud Compliance DDoS DevOps DevSecOps Docker Endpoint security FedRAMP GCP Governance IAM IDS Incident response IPS Microservices Monitoring Network security OWASP PCI DSS Pentesting Risk assessment Risk management SaaS Security assessment SIEM SOC SOC 2 Strategy Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Flex hours Health care Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.