Geoforce is hiring an Information Security Lead Engineer to own and advance our cybersecurity posture. In this role, you will be the organization’s key authority, responsible for establishing, managing, and enhancing a robust, enterprise-wide information security program. You will report directly to the VP of Software Engineering and lead the strategy and operations that protect our technology and data.
What You'll Do
- Develop, implement, and maintain the organization's information security and data privacy strategy, policies, and governance framework, aligning with frameworks such as NIST CSF 2.0, ISO, SOC II Type 2 and CIS Controls.
- Serve as a trusted advisor to leadership on cyber risk, regulatory/compliance obligations (e.g., GDPR, CCPA), and emerging threats.
- Manage key performance indicators (KPIs) and dashboards to measure program effectiveness and foster continuous improvement.
- Develop and communicate a roadmap for the privacy & security program that balances business enablement with risk mitigation.
- Lead security related projects and deliverables for security as well as external department projects.
- Implement a third-party vendor risk management program, including onboarding security reviews and continuous monitoring.
- Build, run, and own infrastructure and automation to detect, contain, and eradicate security threats.
- Develop alerting and detection strategies to identify malicious or anomalous behavior.
- Develop new and novel defensive techniques to identify or counteract changes in adversary techniques and tactics.
- Dissect network, host, memory, and other artifacts originating from multiple operating systems and applications.
- Investigate enterprise-wide operations to uncover sophisticated and undetected threats.
- Partner closely with other members of the Information Security team to lead changes in the company's network defense posture.
- Identify and implement core security platforms needed to maintain security within Geoforce Infrastructure, Networking, and IT systems, such as EDR, SIEM, secure email gateways.
- Lead customer communications and documentation around InfoSec processes, documentation and certifications.
- Develop and govern Security Policies and Procedures, including SOC II Type2 audit readiness.
- Lead and enhance the Security Awareness Training (SAT) program (e.g., KnowBe4), including phishing simulations and compliance reporting.
- Advocate for a security-first culture across IT, software development, and business teams through ongoing engagement, communication, and training.
- Lead incident response efforts.
- Lead customer information security questionnaire responses.
- Govern relationships with third-party vendors and managed security partners.
- Drive business-aligned risk management and resiliency efforts.
What We're Looking For
- 3+ years in information security leadership roles, with expertise in managing enterprise-wide programs.
- Hands-on experience in implementing security assessment tools.
- Extensive knowledge of cybersecurity principles, tools, technologies, risk management, and compliance frameworks (NIST, CIS, ISO, SOCII).
- Strong ability to articulate security concepts to non-technical customers, stakeholders, and executive leadership.
- Experience collaborating with cross-functional teams and managing vendor relationships, including MDR (Managed Detection and Response) and performance measurement.
Nice to Have
- CISSP, CISM, or equivalent certification.
Technical Stack
- Security Platforms: EDR, SIEM, Secure email gateways
- Frameworks & Standards: NIST CSF 2.0, ISO, SOC II Type 2, CIS Controls
- Tools: KnowBe4
Team & Environment
You will report directly to the VP of Software Engineering and be the key cybersecurity authority within the organization. We seek high-integrity, well-rounded professionals who thrive on challenges, are fascinated by technology, exhibit passion and pride, and don't mind rolling up their sleeves to get a job done.
