Principal Information Security Specialist
OUR MISSION
At Torch, we believe in the power of people. People are the heart of every success story. They collaborate to achieve ambitious things together. And they inspire others to build a better future.
That’s why our mission at Torch is to unlock the potential of people, teams, and organizations. We believe that trusted relationships are the key to helping people realize their full potential. When people experience transformational growth in the context of a trusted relationship, they achieve more, their teams excel, and their organizations thrive.
By combining a community of expert coaches, scalable technology, and the latest behavioral science, Torch helps our customers develop their people, create stronger leaders and managers, and drive business performance.
Backed by top-tier investors, Torch is a fast-growing, mission-driven SaaS startup comprised of people who are passionate about helping leaders, their teams, and their organizations achieve more. If that sounds worthwhile to you, join us. Torch is a remote and distributed team with an office in San Francisco. The rest of the team is scattered around the U.S.
OUR VALUES
All Torch employees are expected to reflect and enhance our company values, GROW:
Go deep: We study the science, learn from the best practitioners, and dig in with customers to solve their unique needs.
Relationships matter: We lean into relationships with empathy to create more meaningful connections and more meaningful impact.
Own it: We take responsibility for our commitments, our contributions, our results and for the success of those around us.
Win together: We believe that happiness and fulfillment at work come from shared success and value.
Sprint forward: We prioritize, sprint, adjust, and then sprint again.
ABOUT THE JOB
We are seeking a highly skilled and motivated Principal Information Security Specialist to join our team. In this role, you will be responsible for planning and designing security solutions that align with business objectives and comply with applicable regulatory requirements and our organization's policies. As a Security Specialist, you will collaborate with cross-functional teams to assess risks, identify vulnerabilities, and recommend effective security controls and mitigation strategies. Your contributions will play a vital role in safeguarding our organization's sensitive data and maintaining a robust security posture in an ever-evolving cloud landscape. We are looking for an exceptional hands-on leader and communicator who builds credibility and trust amongst internal teams as well as with Torch's customers.
This position will be reporting to the CTO.
YOUR POSITION
- Develop, implement, and enforce information security policies, procedures, and standards to mitigate risks and ensure compliance with industry regulations and best practices.
- Identify, assess, and manage security risks across the organization. This includes conducting risk assessments, establishing risk management frameworks, and ensuring the organization's risk tolerance aligns with its business goals.
- Apply in-depth, hands-on knowledge of the FedRAMP regulations, process, and requirements to lead Torch’s FedRAMP certification.
- Review and prioritize security vulnerabilities from various sources, including vulnerability scanning tools, penetration test reports, and threat intelligence feeds. Recommend solutions to the engineering teams to address and remediate identified vulnerabilities.
- Implement and maintain security tools and technologies, like firewalls and intrusion detection systems.
- Lead the incident response team in the event of security breaches or incidents. Develop incident response plans, coordinate responses, and ensure timely resolution while minimizing damage.
- Develop and deliver cybersecurity and privacy training and awareness programs for employees.
- Collaborate with Engineering and other departments to integrate security best practices.
- Evaluate and manage the security risks associated with third-party vendors and partners. Ensure that vendors adhere to Torch’s security and compliance requirements.
- Develop standards and practices for data anonymization, encryption and tokenization in the organization, based on the organization's data classification criteria.
- Collaborate with auditors to maintain certifications such as ISO 27001, SOC 2 Type 2, Data Privacy Framework Certification, compliance with GDPR, etc.
- Engage in Sales calls to communicate the organization's security capabilities, policies, and procedures to clients.
YOUR EXPERIENCE
- 15+ years of experience in cybersecurity, minimum 5 years working in Security Compliance.
- Led the pursuit of, or maintained, a FedRAMP Moderate+ Authorization.
- In-depth understanding of industry standards, frameworks, and regulations related to cybersecurity and privacy (FedRAMP, NIST, SOC 2, ISO, GDPR, etc.).
- Experience with artificial intelligence (AI) and machine learning (ML) related security and privacy risk management.
- Proven expertise in cloud systems (preferably AWS), container-based systems like Docker and Kubernetes, and automation/scripting tools for security automation (PowerShell, Python, Bash, etc.).
- Experience with a range of security technologies, processes, and tooling around vulnerability management, patch management, firewalling, networking including IAM, SIEM/SOC, IDS/IPS, DLP.
- Exceptional leadership and communication skills, with the ability to champion a culture of security across all levels of the organization.
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
INTERVIEW PROCESS
- Technical Interview with the CTO (60 minutes), Head of Platform Engineering (60 minutes) and a Principal Engineer (60 minutes).
- Leadership/Cultural Fit Interview with the COO (60 minutes).
- Take-Home Exercise: Candidates will be required to complete a 60-minute Security and Privacy solution design presentation. While the presentation is expected to take 60 minutes, candidates should allocate approximately 2-4 hours for preparation.
BENEFITS
- Health Insurance (medical, dental, and vision)
- Unlimited PTO
- 401k Retirement Plan
- Life & Disability Insurance
- Paid Parental Leave
- Torch Coaching
- Remote Workstation Stipend
$190,000 - $230,000 a year
Torch ensures equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, veteran status, or any other characteristic protected by law.