17 days old

Information Security Manager (DevSecOps)

Washington, District of Columbia 20036
  • Job Type
  • Job Status
    Full Time

Consistently named one of the top D.C. start-ups to watch since 2016, Quorum builds software that helps public affairs professionals work smarter and move faster. Our philosophy is people-first, whether we're supporting team members in their careers or prioritizing our clients with a best-in-class customer success program. Quorum's clients use our tools to bring a modern approach to advocacy work in Congress, all 50 state legislatures, major U.S. cities, the European Union, and more than a dozen countries.

Information security has long been a priority at Quorum, both because our many enterprise clients expect high levels of security and because protecting our users’ data is the right thing to do. Quorum has established many best-in-class security systems across the company, and now we’re going a step further and creating a dedicated information security team who will pursue third-party certifications (SOC2 Type II) to demonstrate the quality of our security systems and our commitment to our users’ safety.

With this role, you’d be the first full-time team member dedicated to information security and lead the strategy, implementation, and daily operations of information security at Quorum. While initially you will focus on building the documentation and systems necessary for Quorum to obtain a SOC2 Type II certification within the next year, you will eventually own the full security, compliance, and privacy infrastructure at the company.

This role reports directly to Quorum’s CTO and will have a large impact on the growth and development of information security at a fast-growing company.

What You’ll Do

  • First Week: You’ll learn about Quorum’s many existing security systems and practices ranging from the application and infrastructural security built into our products to the phishing tests we send to our team and everything in between. You’ll start to put together a roadmap for process remediation and improvement.
  • First Month: You’ll begin documenting Quorum’s existing security policies and establish new policies that move Quorum towards best practices across the security spectrum. You’ll take over ownership of a variety of security practices including security training, phishing testing, penetration testing, and much more.
  • First Six Months: You’ll lead Quorum’s SOC2 Type II audit process ranging from an internal review to working with a third party auditor for a readiness assessment and full audit. You’ll generate documentation, coordinate internal stakeholders, establish new processes, improve existing systems, and drive the entire project to completion.
  • First Year: You’ll take over ownership of all of Quorum’s security systems. You’ll implement security best practices, monitor for security incidents, and remediate security vulnerabilities within IT software and systems. You’ll provide recommendations directly to company leadership to improve the company’s security posture and further establish Quorum as a leader in information security.

About You

  • You have 5 or more years of experience working in Information Security or a security-focused IT role within a medium-to-large (100-person plus) company
  • You’re an information security aficionado—you have deep hands-on expertise both in the creation of industry-standard security policies and the implementation of systems including networking, email, firewalls, antivirus, intrusion detection, VPNs, antivirus, and more
  • You’ve previously participated in a third-party information security audit and have worked at an organization that has received a SOC2, ISO27001, FedRAMP, or similar certification
  • You’re excited about both creating great policies and systems and getting into the weeds of implementing and maintaining high-quality security practices, including configuring computers, antivirus, firewalls, email, etc. 
  • You’d stand out if you had a third-party certification like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or other equivalent certification
  • You have experience developing, managing, and publishing enterprise security policies, standards and procedures

About the Software Development Team

  • We’re a fast-growing team that is dedicated to improving our people, processes, and platform. The 20-person overall team is comprised of the Backend software engineer team, two full-stack software engineering teams, the Product Management team, and our Product Design team.
  • We support many different products but internally think of them as one system with a single unified codebase. Our goal is to build centralized systems that handle complex problems for multiple features and products.
  • We’re focused on doing the important things the right way -- we write solid documentation, test our code well, design for scale, and follow defined software development processes.
  • We follow best-in-class security practices to safeguard our data and application against bad actors. We regularly test and update processes and technology to fight complacency, because we know good security is a continuous effort.
  • We curate high-quality datasets that are essential for effective mapping and tracking of the government and public affairs spaces. Our datasets underpin our promise to give users the information necessary to make smart decisions that influence policy.
  • We set rigorous quality standards and monitor them with a mix of programmatic and manual verifications to ensure users maintain a high degree of trust in our systems.
  • We’re very close as a team and invest not only in each others’ skills and careers but also in building real relationships with one another: product development is a team sport and we believe that it’s better (and more fun) to work on a team of people that you know well and care about.

Our Work Environment

  • We usually work in a vibrant, sunlit space in our modern, open concept office. During the COVID-19 health crisis, most of our team members are working from home in locations around the world. Team members will have the option to work from home until at least January 31, 2021. Those that feel safe re-entering the office earlier can apply to be part of a pilot re-entry program. All candidates need to be willing and able to relocate to the Washington DC area in 2021
  • Our office building is located in the heart of downtown DC, easily accessible by metro, bus, and rideshares. It is also in close proximity to great restaurants, food trucks, shopping, and popular happy hour spots
  • Our team loves to spend time doing fun things outside of the office, which we call Quorum Fun events. Past Quorum Fun events have included apple picking, yoga, and wine tasting

Do you want to learn what it's like to have a real impact at a fast-growing company that is changing the way the advocacy process works? If so, drop us a line. We'd love to talk to you!

Compensation Structure

  • Base Salary: $80,000.00–$120,000.00 (commensurate with experience)
  • Benefits: 401(k) match, trans-inclusive health benefits, 12-weeks paid maternity/paternity/adoption/fostering leave, unlimited PTO, and more.


Posted: 2020-10-06 Expires: 2020-11-06

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Information Security Manager (DevSecOps)

Washington, District of Columbia 20036

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast