FM:Systems provides workplace management technology and solutions that enable facility and real estate teams to identify, plan and deliver the ideal workplace for every employee. Our broad solutions portfolio of software and hardware, specializing in space management and optimization, assets and maintenance, strategic real estate planning, resource scheduling, as well as projects and sustainability, empowers our clients to gain insight into how their facility space is performing, how they enhance efficiency and create an employee-centric workplace.
At FM:Systems, we have 3 guiding values around what we believe and how we behave: 1) do the right thing, 2) act with urgency, and 3) cultivate a culture of excellence and accountability. We aim to offer our clients an exceptional experience with every interaction, foster innovation, and invest in our people. We provide a flexible work environment with an open time-off policy, internal mobility, and growth opportunities. Additionally, we offer a comprehensive benefits package, monthly company updates with our CEO, virtual events, and more. If you’re ready to join a company that prioritizes its employees, apply today!
The Director of Information Security will be responsible for maintaining and optimizing the company-wide information security management program including responsibility for ensuring the security and data privacy of FM:Systems’ suite of Cloud products and services nationally and internationally. The Director is the owner of all activities related to the security, integrity, and confidentiality of data and information of FM:Systems’ customers, business partners, prospects, and employees. Ideally, the candidate would live in Raleigh, NC or Traverse City, MI.
In this role you will have the opportunity to:
Maintain and audit a comprehensive written Information Security Plan or Plans in compliance with state and federal regulations in the United States and with regulations in jurisdictions outside of the United States, as applicable, covering all Personal Information (as defined in relevant state, federal, and applicable international jurisdictions) collected, processed, or stored by FM:Systems
Maintain and audit FM:Systems’ Privacy Policies in compliance with all jurisdictions in which data originates or is governed
Work with legal and other internal resources to maintain FM:Systems’ data privacy compliance with the Department of Commerce for the legal transfer of cross border Personal Information
Review all system-related information security plans throughout the company’s network to ensure alignment between security and privacy practices, and act as a liaison to individuals, legal, the infosec committee and the Chief Technology Officer, as applicable, on all security matters
Identify and minimize internal and external risks to FM:Systems’ security and communicate risk and status of risk mitigation efforts to direct supervisor
Work with outside legal counsel to understand relevant laws and regulations
Communicate to direct supervisor about any applicable laws or regulations affecting information security or privacy to which FM:Systems is subject in jurisdictions in which it does business
Communicate status of security functionality and privacy compliance to the Chief Technology Officer relative to information security and current practices. Responsible for GDPR compliance for EU operations for FM:Systems’ role as a legal processor of its clients’ Protected Information
Ensure that all of FM:Systems’ processing systems have appropriate policies, procedures, personnel, and equipment in place to ensure the integrity and confidentiality of all information residing on those systems, and lead the external audits and certifications of these processes through programs like SOC 2, FedRAMP, GDPR, Privacy Shield and others.
Identify applicable third party service providers who touch personal information to amend their contracts, if necessary
Conduct data security due diligence on third party service providers, including data security, disaster recovery policies, and details of incidents or breaches, and work with legal counsel to include specific requirements in third party service provider agreements that address relevant data security measures
Develop, implement, and manage FM:Systems’ Security Incident Response and Disaster Recovery policies and procedures
Understand the security posture for all products and services company-wide, and maintain current data mapping documentation by product and jurisdiction
Ensure that business unit security programs appropriately address security across different functional departments (e.g., developers, human resources, end users, etc.)
Train employees and contractors annually on internal policies and procedures related to general Personal Information security and privacy including but not limited to the proper use of FM:Systems’ security protocols and the importance of Personal Information security.
The successful candidate for this role will have the following skills and experience:
Bachelor's degree in Information Technology or related field
10+ years of experience in information technology with a minimum of 7 years of information security experience.
5+ years of knowledge and experience with SaaS solutions and architectures
5+ years of management experience
Experience with Federal Contracting, including FedRAMP, a plus
Strong knowledge in technical foundations of modern public cloud computing security, application security, networking security, and cryptography.
Experienced with IT audit, information security, and compliance.
Extensive knowledge of SOC, HIPAA and ISO Compliance as well as knowledge of Cloud Security Alliance (CSA), PCI/DSS and global data protection and privacy laws (GDPR and Privacy Shield).
Basic knowledge of DevSecOps, DevOps, Agile, and Scrum.
Strong technical understanding of cloud security challenges and controls for Amazon AWS and Google Cloud Platform (GCP).
Strong understanding of the SaaS business model including the security challenges and controls necessary for a cloud service provider.
Clear ability to communicate persuasively and build a business case with technical stakeholders as well as senior executives up to the board level.
Experience and ability to prepare, justify, and manage a security budget.