Gravy Analytics is disrupting the world of consumer intelligence. We are the only location-based consumer intelligence platform providing real-world information about the places people visit and the events they attend. Our mission is to be the largest and most accurate source of usable and trusted location intelligence that reveals how consumers live their daily lives. Understanding where people go and how they spend their time gives marketers and analysts unprecedented insight into consumer interests, preferences, and trends.
Gravy Analytics works with leading brands across industries – from finance to retail to professional sports - to provide market research, improve customer engagement, and generate more sales. Our location-powered solutions fuel ad targeting, customer relationship management, and competitive insights, enabling businesses to reach more prospective buyers, to better serve their customers throughout the life cycle, and to stay a step ahead of their competition. Processing billions of location signals daily, Gravy Analytics provides the essential data that powers many of our customers' proprietary solutions, as well as our own products and services.
Gravy Analytics is looking for an exceptional Data Security Manager to lead our security efforts and partner with our product development and cloud hosting teams to design, implement and manage security programs and certifications. The successful candidate will provide sound, clear and succinct recommendations and analysis to internal and external stakeholders and reassure our customers and partners that our environments and data are secure. This position will report to the CTO and be based in our offices in Sterling, VA (2 days per week of remote work is possible).
Design, implement and document the Information Management System.
Maintain, update and revise information security policies and procedures.
Prioritize, design, and implement new security initiatives to support the policies and procedures.
Assess security plans for existing vulnerabilities, prioritize strategies to remediate gaps and protective sensitive and strategic data and assets.
Deploy AWS security best practices and AWS security profiles (e.g. specifying rules which limit what users in the account can provision).
Implement RBAC and IAM security best practices and support development teams to best set privileges in an environment where some team members share both development and DevOps roles.
Responsible for data loss prevention including security monitoring and protection of Cloud and diverse data assets.
Research and recommend anti-virus solutions for Cloud based and physical devices including Linux, MAC OS and Windows as well as network security for physical and virtual networks enabled through Cloud providers.
Develop and implement penetration testing and incident response programs.
Create and administer security training programs.
Education: Bachelor’s degree (or equivalent)
Certifications: CISSP certification or other IT Security certifications required CEH, CISM, OSCP, etc. preferred
5+ years of experience in an ISSO / ISSE / ISSM role
Experience with AWS CIS best practices compliance, SOC 2 compliance and Application and application endpoint (API) security & best practices
Experience with ISO 27001, Continuity of Operations planning (COOP) and Disaster Recovery planning for Cloud environments preferred
Knowledge of network and cloud-based system security principles including RBAC and IAM, current security threats and mechanisms for protecting systems against such threats
Strong written & verbal communication skills
Demonstrated ability to work well without constant supervision
Excellent computer skills, must be familiar with Mac, Windows and Linux OS
Honesty, integrity and professionalism
Ability to multitask, work under tight time pressures, prioritize work, and react quickly to changing business needs and demands all in a fast-paced, high-growth business environment
Collaborative, thoughtful, passionate about your work, and good sense of humor