Fingercheck frees small business owners with hourly employees from the stress of payroll, scheduling, time tracking, benefits and hiring. Our flexible, automated all-in-one HR platform is easy to use and customizable for the individual needs of small to medium-sized businesses.
Fingercheck’s all-in-one cloud-based human resources solution makes extensive use of Microsoft’s .NET development platform for web and mobile applications from .NET Framework to .NET Core.
Reporting to the CTO, the Director, Cybersecurity is a hands-on member of the Engineering team responsible for security governance, risk, and compliance (GRC) as well as the implementation of security architecture and engineering to defend Fingercheck’s SaaS solution against hacking, malware, ransomware, and internal threats.
This position can be located 100% remotely or remote / onsite hybrid at our NYC headquarters.
How You Will Make an Impact:
● Collaborate with Engineering, Product, and business teams to define, develop, execute, manage and govern policy development, compliance and enforcement, risk management and mitigation, organizational assessment, education and awareness, incident response, business continuity and disaster recovery.
● Provide hands-on guidance and technical implementation of security best practices and tools within our AWS environment across identity and access management, intrusion detection, infrastructure protection, data privacy, availability, confidentiality, and processing integrity
● Ensure the effective execution of annual security audits, risk assessments, and compliance toward SOC 2 Type 2 certification including areas such as logical access, change management, asset management, backup systems, security tools, human resources, and vendor management
● Lead efforts related to annual penetration testing and application vulnerability assessments
● Engage in security tabletop exercises to assess, inspect and adapt organizational readiness to respond to emergency situations
● Provide hands-on implementation of organization-wide endpoint protection including workstation and mobile device management
● Assume the role of incident response lead for any security-related incidents and events
● Lead the development, authorship, and dissemination of up-to-date information security policies, standards, and guidelines. Implement and maintain security policies and practices
● Coordinate security training for employees, contractors, partners, and other third parties as appropriate
● Oversee and lead the creation, communication, and implementation of a risk-based process for vendor risk management, including the assessment and mitigation of risks that may result from partners, consultants and other service providers
● Provide subject matter expertise to Engineering and executive management on a broad range of security standards and best practices, including NIST, PCI, and SOC
● Develop a security-by-design approach to vulnerability program management
What You Bring to The Team:
● 7+ years of hands-on cybersecurity experience in a major services organization supporting or leading data security, GRC, privacy programs and SaaS infrastructure security.
● One or more relevant certifications such as CISM, CISSP, and CRISC
● Familiarity with industry standard frameworks such as ISO 27001 and NIST Cybersecurity Framework.
● Knowledge and experience in information privacy and security laws
● Experience with risk management and governance solutions.
● Hands-on expertise in implementing security best practices for various AWS services including IAM, SSO, IIC, CloudWatch, GuardDuty, Security Hub, security groups, WAF, etc.
● Expert proficiency with respect to encryption standards, ethical hacking, border protection and penetration testing.
● Excellent written and verbal communication and presentation skills
● Self-starter with great analytical skills, attention to detail, a sense of ownership, urgency, drive, and passion for continuous learning
What We Offer:
● Competitive compensation
● Health, vision, and dental care
● Flexible PTO
● 401K with generous company match
Please note that this is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills, or working conditions associated with the job. While this description is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed if circumstances change.
About Fingercheck
With over 5,000 clients nationwide, Fingercheck is a start-up cloud-based Human Capital Management Platform providing Time & Attendance, Payroll, and HR management designed to interface with fingerprint and biometric time-tracking devices.
Our Brooklyn-based office offers a collaborative environment and great company culture, in which someone is always open and willing to answer questions.
Fingercheck is an equal opportunity employer that values diversity, inclusion, and belonging. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law.