ArmorCode is a hyper-growth startup with a line-up of marquee customers that are the envy of even Fortune 500 companies. Our customers range from fast-paced digital native companies to #1 brands across three major global categories.
ArmorCode provides the industry’s leading AppSecOps platform delivering AppSec at the speed of DevSecOps. Since its founding in 2020 in Palo Alto, California by serial entrepreneurs with a successful track record of starting and growing startups, ArmorCode has won numerous awards including SINET 16, Globee IT & Disruptor Awards, Hot Startup of the Year award, and the TiE50 Award. ArmorCode was spotlighted on the iconic Nasdaq tower and was included in Gartner's AppSec Hype Cycle under the Application Security Orchestration and Correlation (ASOC) tool category.
Application security is one of the fastest growing sub-segments within the fast-growing cybersecurity market, and we are a clear market leader in our category because of the platform-based architecture. In a world that is getting digitally transformed, application visibility and application security posture management are foundational and are a perfect launch pad for long-term career success. At ArmorCode you will find passionate problem-solvers who embody our core values: Hunger, Humility, and Humanity.
Agile DevOps, Cloud Deployment, Microservices and Open Source have all dramatically accelerated application delivery and complexity. Today’s AppSec teams depend on a collection of point security products and siloed manual processes. This leaves them struggling to gain the visibility, insight, and process scale they need to identify and protect the always changing and growing application risk surface. This resulting AppSec Chaos means applications ship fast without the assurance of shipping securely, leaving the organization at risk of breaches and losses.
The ArmorCode AppSecOps Platform is the solution to this challenge. We provide AppSec teams with the visibility, actionable insight, automation, and integration needed to build, deliver, and scale an effective and efficient AppSec program across the entire organization, as well as the DevSecOps pipeline.
ArmorCode's next-generation AppSecOps is the only platform that consolidates multiple key AppSec needs (Application Security Posture Management, Unified Vulnerability Management, DevSecOps Orchestration, and Continuous Compliance) into a single-pane-of-glass to minimize tooling and alerts while maximizing agility, efficiency, and cost-efficacy. With it, enterprises radically simplify and accelerate their application security while drastically cutting costs. Our platform is loved by global brands & category leaders, backed by leading VC firms, and powered by security experts.
ArmorCode's mission is to help organizations ship software fast and ship it securely, no matter where it is built, how it is built, or who builds it. We invite eager talent ready for this challenge to join our team and power our rocketship.
The Security and Compliance Lead will be responsible for the compliance and Information Security of ArmorCode, including protecting client data.
The Security and Compliance Lead is responsible for leading junior staff and assisting senior leadership in the design, evaluation, development, implementation and operation of the process standards, procedures and guidelines that support the company's information security plan and its SOC II, ISO 27001, GDPR, and CCPA compliance.
What You’ll Do:
- Manage and perform SOC I, SOC II, ISO 27001, and GDPR compliance audits, and ensure adherence to compliance requirements.
- Manage and perform audits of internal security controls, security policies and SOC controls, documenting and remediating exceptions.
- Keep compliance controls, security policies and process documentation thorough and up to date.
- Complete all RFPs and security questionnaires received from ArmorCode customers.
- Coordinate with engineering teams and participate in identifying and remediating information security weaknesses.
- Lead cyber security training for employees and conduct assessments.
- Administer and operate security controls.
- Investigate and continuously monitor logs to identify intrusions, sensitive data and malicious activity.
- Preferred: experience taking an organization through any of the above compliance programs from the start.
- Drive the cloud security framework.
- Conduct risk assessments for various departments and functions, analyzing potential business impact.
- Manage Security, Architecture and BCP/DR.
- Manage internal and external audits, and track closure of identified gaps.
Qualification and Experience Requirements
- 8+ years of IT auditing and managing compliance with PCI/HIPAA/ISO 27001
- BS in Computer Science/MIS (or equivalent education/work experience)
- Industry standard security certifications (CISA, CISM, ISO 27001 LA, etc.)
- Excellent written and verbal communication, listening, and interpersonal skills
- Well organized, with strong problem-analysis and decision-making ability
- Experience with AWS cloud security standards, configurations and tools
- In-depth knowledge of IT security and compliance, including procedures around the following:
  - Change Control and Production Deployment
  - Auditing and Compliance SOC I and SOC II Reporting
  - GDPR Compliance
  - ISO 27001
  - Internal IT Security Controls
  - Incident Management Procedures
  - Risk Assessment of Third-Party Vendors
  - Security Awareness
What We Offer
In addition to a competitive compensation package for this role, candidates will have an opportunity to directly and significantly influence the application security space and to diversify their skill sets by taking on new and exciting challenges.
- Competitive salary and bonus
- Stock options
- Medical Insurance
- Work-from-home / remote flexibility – based in India
If you want to join a rocket ship that is on a hyper-growth trajectory, send a note and your resume to firstname.lastname@example.org