Hi Marley is transforming the risk industry by helping insurance companies deliver a modern experience that puts customers first.  We are a technology company that is disrupting the often misunderstood industry of risk. Our mission is to make insurance simple and lovable while protecting people and the things they care about.

We are looking for an individual to lead our Information Security Operations. The successful candidate will provide technical leadership across all security initiatives within the company, participate in sales processes for our SaaS offering, as well drive the company toward NIST compliance and/or ISO Certification. This position will be based out of our space in downtown Boston with an opportunity to work remote 20% of the time.

What you will do:

• Serve as the central point of contact for InfoSec technology for the company and ensure that security is integral to the business and technology decisions
• Lead and execute the design and implementation of the information security defense architecture, solutions, tools and automation for the continuous protection of our corporate systems and information assets
• Perform security gap assessments and penetration tests, generate comprehensive reports and recommendations on the security risks and vulnerabilities.
• Act as the Incident Response Lead and perform security incident response and investigations in a timely manner.
• Lead Hi Marley toward NIST compliance
• Implement solutions that arise from vulnerability scans
• Research and implement system hardening standards
• Develop emerging standards around Cloud and Serverless services
• Create and participate in incident response process
• Work with internal and external audit teams to deliver timely responses and data collection requests for vulnerability or risk assessments and penetration testing
• Develop, document and implement security policies based on industry best practices
• Identify assets and assess risks, threats, and vulnerabilities in accordance with accepted industry, professional, and government standards to ensure security design integrity, availability, confidentiality and contract compliance.
• Prepare and document relevant standard operating procedures.
• Prepare security metrics for the senior management.

What you will need:

• Minimum 5 years work experience as an Information Security Engineer, preferably at companies with SaaS based enterprise software products for the financial or healthcare industries.
• Strong experience with Linux and systems hardening
• CISSP or equivalent
• AWS or other cloud experience
• College Graduate with degree in Engineering, Computer Science or security related area preferred
• Other Desirable Certifications: CSSLP, GIAC, CEH, GPEN
• Experience with manual or automated security assessment, vulnerability validation and/or penetration testing and security audits - SSAE16 SOC2 preferred.
• Expert knowledge and prior experience with industry frameworks and standards like HIPAA, PCI DSS, SOC2, ISO27001.
• Hands-on experience in deploying and administering security tools and appliances - creating policies, tuning, log analysis, troubleshooting and diagnosing problems.