LeafLink
The Cannabis Industry's Wholesale Platform
B2B SaaS • cannabis • e-commerce • order management • CRM
201 - 500
Information Security Manager
August 7
🏡 Remote – New York
LeafLink
The Cannabis Industry's Wholesale Platform
B2B SaaS • cannabis • e-commerce • order management • CRM
201 - 500
Description
• Security Strategy & Leadership • Assist in developing, implementing, and maintaining LeafLink's information security strategy, roadmap, and team planning. • Collaborate with stakeholders to devise security policies, procedures, and processes. • Work closely with engineering, product, and legal teams to align security and data governance initiatives with organizational goals and objectives. • Report on Information security as needed to senior management. • Assist in corporate initiatives including partnerships, vendor management, and M&A. • Compliance • Play a key role in maintaining and enforcing compliance requirements across the organization. This includes SOC2, PCI, and additional frameworks as LeafLink grows. • Stay up to date on new developments and changes to IT compliance. Ensure LeafLink’s security measures, policies, posture, and employee awareness are continuously updated, robust, and industry-leading. • Participate in quarterly disaster recovery and business continuity (DRBC) planning and exercises. • Risk Management • Identify and assess security risks to the organization’s data, systems, and infrastructure. • Participate in vendor management processes to vet potential new tools, software, systems, and/or integrations. • Conduct regular risk assessments and security audits, ensuring compliance with regulatory requirements and industry best practices. • Develop and deliver information security awareness training programs for employees (i.e., employee phishing, routine communications, and updates for awareness). • Brainstorm and implement solutions to promote a culture of security and compliance within the Company.
Requirements
• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field. A master's degree is a plus. • 5+ years of experience in information security, with at least 2 years in a managerial or leadership role developing, coaching, and performance-managing ICs • Experience leading projects and initiatives across cross-functional groups aligned to goals and KPIs • Experience with project management tools such as JIRA and associated reporting to stakeholders • Some experience working in financial services. Experience at a scaling technology company is a plus. • Proven experience in developing and implementing security policies and strategies. • Knowledge of DEP within enterprise systems and SIEM reporting. • Hands-on experience with security audits (e.g a stakeholder in a SOC2 audit) • Certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable. • Knowledge of compliance tools like Drata or Vanta is highly desirable. • Knowledge of Authentication and Authorization best practices for enhanced Cybersecurity posture • Excellent communication and interpersonal skills.
Benefits
• Flexible PTO • A robust stock option plan • 5 Days of Volunteer Time Off (VTO) • Competitive compensation and 401k match • Comprehensive health coverage (medical, dental, vision) • Commuter Benefits through our Flexible Spending Account
Apply Now
