Information Security Manager

About Route

Route is helping people discover and celebrate the world's brands through a completely reimagined e-commerce marketplace that directly connects and empowers both consumers and brands. Route's unique platform takes a holistic approach to online shopping, rethinking the consumer experience from discovery to delivery via the Route app, while offering a suite of features that provides merchants the tools necessary to enhance the overlooked post-purchase experience. Since launching in 2018, Route has built a network of over 1.5 million app users and 7,000 merchants. The company has offices in Lehi, UT and Los Angeles, CA. For more information go to route.com

About the Role:

Route is looking for an Information Security Manager to join our platform team as a champion and expert in information security. This role is responsible for running the information security program at Route, defining policies and championing security throughout the entire organization.

This individual will have the opportunity to grow their skills and experience in many areas with the opportunity to work with cutting edge technologies. We seek to hire the best and have a team of highly competent engineers who love to collaborate and creatively solve problems together. We need an information security manager who is passionate about championing security and finding innovative solutions. They must be willing to own projects and see solutions are fully found and implemented. We are a startup and things move quickly. This role will require the ability to understand, manage, and communicate security risks and tradeoffs as we grow and evolve.

Your Participation

• Develop and carry out information security plans and policies
• Develop strategies to respond to and recover from a security breach
• Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
• Awareness training of the workforce on information security standards, policies and best practices
• Collaborate with engineers on security best practices and champion security through all phases of software development
• Work with the SRE team to build security automation into CI/CD pipeline
• Develop and implement AWS security best practices
• Work with external auditors to obtain desired certifications and conduct third party assessments.
• Investigate security breaches
• Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
• Work with sales and customer success teams to answer security questions and address concerns from potential and current customers

Qualifications

• Experience defining and applying security policies and frameworks including experience with industry standards such as NIST, ISO 27001, SOC-w, etc
• AWS and cloud platform as a service (PaaS) security
• Knowledge of risk assessment tools, technologies and methods
• Expertise in designing secure networks, systems and application architectures
• Disaster recovery, computer forensic tools, technologies and methods
• Planning, researching and developing security policies, standards and procedures
• System administration, supporting multiple platforms and applications
• Expertise with mobile code, malicious code, and anti-virus software
• Expertise in endpoint security solutions, including file integrity monitoring and data loss prevention
• Bachelor's degree in computer science/information systems or equivalent
• 4+ years of experience in information security
• Certifications such as CISSP, GSEC, CEH or CISM helpful

Benefits:

Route offers an array of benefits including generous salaries, stock options, 100% healthcare coverage, and an unlimited PTO policy.

Route is an Equal Opportunity Employer. We embrace diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.