Information Security Manager
Percona is experiencing significant growth and as we continue to mature our security organization, the new Information Security Manager will help us solidify processes and influence the organization. At the same time, we are transitioning to a more software-based organization; the Information Security Manager will have the opportunity to increase the security team's interactions with engineering. This role will also have the ability to take the lead in increasing the overall security posture of all Percona staff.
The mission of the Information Security Manager is to ensure the overall security of all information, especially customer information, that is handled by Percona. This is accomplished by managing our Security Engineers, working closely with our Legal and Compliance team, and developing, maintaining, and often running best-practice, industry-standard security practices and procedures across Percona.
This is a remote role that will ideally be located in the Americas region.
What You Will Do
- Manage highly technical staff on Percona's Information Security team, keep them focused on the most important activities, maximizing their technical talent and professional development; participate in the larger IT department management team
- Oversight and development of our security incident, problem, and change processes; develop realistic practices to ensure we are following through and prioritizing the most important tasks; ensure good relationships with related Percona teams with clear communication on the biggest security risks so that company-wide resources are as efficient as possible dealing with security needs
- Deep involvement in our compliance and certification initiatives; ensure the security technical aspect is properly reflected in new policies and represented in audits with a special focus on ISO 27001 compliance
- Enhance our risk / security event identification methodologies and tools; strike the proper balance between manual reviews, tests and audits, and software tooling; ensure our events / risks properly connect to our incident/problem processes and we can sustainably keep up with our requirements; manage our risk acceptance process
- Improve our security communication posture to Percona staff, customers, and our broader Percona user community, including, but not limited to, training, blog posts, presentations, sales calls, etc.
- Partner with the rest of the IT department and our engineering teams to develop best practices and policies around software development lifecycles
- 5+ years information security experience
- 1+ years managing direct reports
- Strong English communication skills: verbal, written, and in presentations; enthusiastic about documentation; great at bridging the gap between technical and business audiences
- Experience with and comfort performing project management and business (security) analysis
- Experience working on at least one of the following privacy and certification standards: ISO, SOC 2, PCI, HIPAA, GDPR, CCPA, etc.
- Familiar with security practices around SDLC, CI/CD pipelines, etc., particularly in open source software
- Strong grasp of process and overall industry standard IT / security ops methodologies/frameworks and how to practically apply them to run efficient teams
What Will Make You Stand Out
- Security engineering technical background; experience with containerization, orchestration tools, Docker, Kubernetes, etc. a plus
- Experience wearing many hats in a small/medium-sized organization
- Americas time zone
- ITIL/ITSM experience / familiarity
- Experience with organization-wide Identity Access Management systems
- Security certifications: CISSP / CISM
Percona is a respected thought leader in the open source community. We provide services and software for MySQL, MongoDB, PostgreSQL and MariaDB to open source users globally.
Percona is remote-first and globally dispersed; we have 250 people in more than 40 countries. We offer a collaborative, highly-engaged culture where your ideas are welcome and your voice is heard. The growth and development of our staff is a top priority; we provide funding for training, certifications, conferences and more.
Discover what it means to work with some of the smartest people in the industry, who also know how to have fun and are always willing to lend a helping hand. We offer flexible hours, the ability to work remotely and the amazing experience of working with a multinational team of experts.