Who we are:
Welcome to BookedBy, an industry-leading business management solution and scheduling software for salons, spas, and barbershops everywhere.
BookedBy — with headquarters in Austin, TX — features more than 100 employees across three continents and powers thousands of locations worldwide with top brands such as Sport Clips Haircuts, Diesel Barbershop, Perfect Look, Sharkey’s Cuts for Kids, Hairzoo, and more.
Founded in 2011, BookedBy’s scheduling platform has more than 60 million bookings annually and enters an exciting growth phase into other service-based businesses.
Job Summary:
We are seeking a Security Compliance Manager to achieve our company’s data security and compliance objectives. This work encompasses management of security controls (SOC 2 type 2), implementing and maintaining effective policies, and maintaining a strong security posture across the organization. This unique opportunity is perfect for individuals who want to build on their cybersecurity experience, are passionate about compliance, and want to make an impact in the company. The successful candidate will have strong experience in information security and compliance, ideally in the context of cloud-native organizations.
The security compliance manager is responsible for directing, managing, and providing leadership for the organization’s information security and compliance program. This includes collaborating with cross-functional teams to develop, implement, and maintain an information security program that meets or exceeds the requirements of industry regulations, standards, policies, and legal requirements.
Key Responsibilities:
- Implement and maintain the organization's information security policies, standards, and related governance documents.
- Work with all company departments to ensure that the policies are adhered to.
- Lead and participate in the design, implementation, and ongoing management of security controls and processes to reduce cybersecurity risk for the company.
- Direct and oversee the assessment, selection, implementation, and maintenance of information security tools and technologies.
- Serve as the primary point of contact for SOC 2 type 2 audits, ensuring timely and successful completion of initial and ongoing SOC 2 type 2 compliance certifications.
- Evaluate new or updated industry regulations to ensure continued compliance.
- Respond to security incidents and remediate security findings identified through internal audits, external audits, vulnerability assessments or penetration testing.
- Research security standards, security systems, and authentication protocols, and keep up to date with the latest trends in the cybersecurity industry to improve company security.
- Participate in business continuity planning (BCP) activities when required by regulation or senior leadership.
- Conduct internal phishing training and phishing drills for employees.
- Collaborate with legal, IT, and other relevant stakeholders to address regulatory requirements related to data security and privacy.
Qualifications:
- A bachelor’s degree in information security, computer science, or related field. Equivalent years of experience may be substituted for the degree requirement.
- 4+ years of experience in information security.
- Proven experience in a compliance-focused role, with a strong understanding of SOC 2 requirements.
- One of the following certifications is preferred: CISSP, CISM, CRISC, CISA, Security+.
- Effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel.
- Experience with cloud computing (AWS, Azure, GCP) is preferred.
- Experience with Lacework or other SIEM or vulnerability scanning tools is a plus.
- In-depth knowledge of at least one major regulatory framework (e.g., PCI DSS, HIPAA, GDPR) is preferred.
- Experience leading security teams in SaaS, financial, retail, or healthcare sectors is preferred.
What we offer:
We offer roles in an energetic, dynamic, and global environment with great opportunities to grow and take on new challenges. Our growth is continuous, which gives endless potential to grow with the company.
- Medical Insurance
- Paid Time Off
- Flex Work Schedule: In-person Monday - Thursday, Flex day Friday