- Company Name: Jotform
- Job Title: IT Security Technical Manager
- Job Description:
**Job Title**
IT Security Technical Manager
**Role Summary**
Senior security lead handling design, deployment, and ongoing upkeep of security architecture, standards, and incident response for a large SaaS platform. Responsible for safeguarding confidentiality, integrity, and availability across web applications, infrastructure, and development pipelines while ensuring regulatory compliance.
**Expectations**
- Deliver end‑to‑end security solutions that meet PCI‑DSS, SOC 2, HIPAA and other applicable regulations.
- Lead incident response, business continuity, and disaster recovery planning.
- Serve as a central point for compliance verification and client due‑diligence interactions.
- Mentor and empower global DevOps and development teams on secure coding, threat awareness, and best practices.
- Maintain security excellence in a dynamic agile environment.
**Key Responsibilities**
1. Design, implement, and evolve security architecture for a multi‑tenant SaaS platform.
2. Develop, publish, and maintain information‑security policies, procedures, and guidelines aligned with industry best practices.
3. Lead incident response and coordinate business continuity and disaster recovery initiatives.
4. Ensure compliance with PCI‑DSS, SOC 2, HIPAA, and other regulatory frameworks.
5. Review technology proposals for security controls, recommend adjustments, and approve implementation.
6. Manage a distributed team of security engineers.
7. Conduct vulnerability assessments, penetration tests, and remediation planning.
8. Analyze application, server, and network logs to detect and investigate suspicious activity.
9. Secure PHP, MySQL, Node.js, Docker, and Elasticsearch components through hardening and monitoring.
10. Educate and collaborate with development and DevOps teams to embed security into the SDLC.
11. Respond to client and regulatory inquiries regarding information‑security posture.
**Required Skills**
- 10+ years of hands‑on security experience in SaaS architecture, engineering, or administration.
- Deep knowledge of web application security, secure SDLC, network security, authentication protocols, cryptography, and access controls.
- Proven ability to manage security compliance for PCI‑DSS, SOC 2, and HIPAA.
- Practical expertise in securing PHP, MySQL, Node.js, Docker, and Elasticsearch.
- Proficiency in security log analysis and incident detection.
- Leadership of global security engineering teams.
- Strong diagnostic, strategic thinking, and prioritization capabilities.
- Excellent written and verbal communication.
**Required Education & Certifications**
- Bachelor’s degree in Engineering or related accredited field.
- Professional security certification (GSEC, CISA, CISM, CISSP, CSCS, CEH) or willingness to obtain one within 8 months.