(Information Security and Risk Management)
RockStep Solutions is a fast-pace startup with a product that is changing the world by revolutionizing drug discovery. RockStep’s flagship product, Climb™, is in the market, and the company is focused on product enhancements and rapid scale-up.
This position is responsible for leading RockStep’s Information Security and Risk Management (ISRM) office and ensuring RockStep’s operational integrity related to same. The goal of the Office of ISRM is to ensure that RockStep solutions has policies that meet industry ISRM standards and that there is communication and enforcement of those policies throughout all departments in the organization.
RockStep seeks to eventually achieve and maintain ISO 27001 Certification. RockStep’s office of ISRM will lead the efforts related to ISO certifications and the development of an Information Security Management System (ISMS).
This position reports to RockStep’s Executive President with dotted line reporting to the company’s CEO. The office of ISRM operates independently of all other departments and acts as a policy setting and watchdog office. This position does not directly enforce ISRM policies, but is responsible for reporting compliance and issues to RockStep’s executive officers.
As a watchdog and policy setting office, this position requires and exceptionally high level of integrity and willingness to report deficiencies to RockStep’s executive leadership. This position develops and maintains ISRM related policies consistent with the requirements of ISO and RockStep’s customers. This position is responsible for filing out customer ISRM audit documents.
Our company culture is important to us. We are looking for a team player who respects the individual. We take care of our company, take care of ourselves, and work as a team to take care of each other. We value diversity and hearty debate, and we embrace outcomes of debates, even when we may not all fully agree with final decisions. If these words resonate with you, you may be a good culture fit for RockStep.
Outline of Tasks
- Lead RockStep’s efforts to achieve and maintain ISO 27001 Certification and develop an ISMS
- Identify risks and work with RSS team to develop mitigation strategies to address same
- Set clear objectives for managing risk and oversee the implementation of appropriate risk controls
- Maintain RockStep’s internal ISRM related policy documents
- Chair ISRM related internal audit meetings
- Identify policy gaps and oversee the development and refinement of policy documents to close the gaps
- Make sure that RockStep maintains all appropriate ISMS and ISO related regular internal meetings and ensure meetings are conducted professionally with minutes and issues documented and made available in an appropriate secure data archive
- Respond to and lead the fulfillment of ISRM related audit requests from customer
- Lead the development of ISRM internal reports to be presented to RockStep’s Executive Leadership.
- In the event of any information security event related to RockStep’s product or internal systems, this position works with relevant RSS team to ensure appropriate investigations, mitigations, logging, and reporting are conducted. Report event to RockStep’s Executive leadership.
- Five-plus years working with ITIL in an IT organization
- Experience managing and maintaining an ISMS and ISO Certifications, including developing risk management strategies
- Experience working with document management systems for maintaining policy documents.
- Experience leading and managing direct reports
- Project management tools relevant for managing processes required for ISRM policy
- Experience developing ISRM reports
- Industry experience responding to ISRM audits
- Experience with Azure infrastructure.
- Excellent oral and written communication skills for developing reports and presenting materials
- Project management skills necessary for managing an ISRM compliance and leading ISO Certification processes.
- Use of all Microsoft office products
- Microsoft Sharepoint
- Customer facing personality for responding to ISRM audits. Must be outgoing and easily build rapport with customers
- Ability to communicate policies and the importance of policy adherence to staff
- MS degree or higher in an appropriate IT field
- ISO 27001 Certification
- ITIL certification
- Ability to travel occasionally to attend meetings
This position can work remote with occasional travel to RockStep’s headquarters for key meetings