Senior Manager, InfoSec

Who You Are:You will lead Polly's Information Security function to secure, maintain and grow a world-class mortgage technology services and technology ecosystem for our customers. You are looking for a unique opportunity to shape and grow Polly's security culture. Your 5+ years of enterprise information security and cloud technology experience has prepared you to successfully develop, enhance and oversee all information security operations activities. Your expert-level skills in access management in a cloud computing environment, vulnerability scanning, third-party risk assessment, SIEM management, business continuity or disaster recovery makes you the perfect fit for this role. Leading security strategy, direction and cross functional security teams comes naturally to you. Overall, you are a dynamic professional who is excited to make an impact across the organization to keep Polly secure and compliant with industry best practices and regulations. Does this sound like you? If so, apply today and let's start the conversation!What You'll Do:Perform annual SOC2 compliance, penetration tests, and BCPDR scenariosOwn, develop, implement, and report to the Board of Directors on the short and long term security strategy and goals in alignment with Polly's business objectives and cultureConduct in-depth security reviews and risk assessments of core corporate and production infrastructure to identify gaps, come up with recommendations, and implement proposed solutionsEvolve Polly's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidentsRespond to security audits and security assessment requestsMaintain awareness of current and emerging threats, specifically those within the financial services sector, to ensure cloud environments are properly secured, monitored and documentedOversee management of information security tools, contracts, documentation, policies and processes to ensure an operating environment that is sound, sustainable and compliant with company policies and requirementsAssess and identify security controls for sensitive and regulated data, and refine and oversee Polly's compliance programs aligned with SOC2Resolve security resource requirements including budget, staff, training needs and prioritizationEnsure the appropriate development and delivery of end user security awareness training, effective reporting, as well as performance metrics; executes on security metric reporting to ensure business and senior leadership have a proper view of current security state and risksDefine requirements and lead on evaluating and analyzing existing and new technology, platforms and applications to anticipate potential security gaps and concernsOwn all documentation, process, and training surrounding Polly's business continuity and disaster recovery abilitiesWhat You Have:8+ years of enterprise information security or relevant technology experience, including with cloud technologies; B2B and SAAS preferredAbility to communicate information security requirements to non-technical security stakeholdersDeep understanding of risk management principles and strong understanding of incident management and security operationsExpert-level experience in at least some of the following areas: access management in a cloud computing environment, vulnerability scanning, third-party risk assessment, SIEM management, business continuity or disaster recoveryFamiliarity of regulatory requirements such as GLBA and CCPA and frameworks such as NIST and ISO 27002Why Join Polly:We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates We have an experienced leadership team that previously built large and impactful platforms Outstanding opportunity for professional growth and upward mobility Direct engagement with the decision makers and senior business leaders Competitive salaries100% paid medicalvisiondentaldisabilitylife insurance Unlimited PTOHybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas>Let's get to know each other.Polly is transforming the mortgage industry with its modern, data-driven capital markets ecosystem. Banks, credit unions, and mortgage lenders nationwide trust Polly's revolutionary Product and Pricing Engine (PPE), Loan Trading Exchange, and actionable data and analytics to automate and optimize the entire capital markets value chain, helping their secondary teams operate faster, smarter, and more profitably. Polly was founded in 2019 by a seasoned team of technology and mortgage experts and is headquartered in San Francisco, California. To learn more, follow Polly on LinkedIn or visit Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Beware of recruitment scams impersonating Polly brand or employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at . We care deeply about this network and your experience.

Created: 2025-03-05