Security Governance Officer (SOC 2, ISO 27001)
Austin, TX, USA
Posted on Tuesday, September 19, 2023
Sonar’s industry leading solution solves the trillion-dollar challenge of bad code, equipping developers and organizations to reach a problem-free state in their codebase with Clean Code. Through its unique Clean as You Code methodology, the organization has empowered 7 million developers and 400,000 organizations across the globe to systematically deliver better software.
The impact you can have
We have a primary goal to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security. We want to build customer trust by strengthening our security profile and expanding our suite of independent certifications. Already ISO 27001 certified since 2022, we will now pursue SOC compliance to obtain SOC2 and SOC3 reports.
To achieve this goal, we are looking for a talented security governance professional to join the team. You will have extensive experience implementing security governance frameworks and managing the pre-audit and audit processes. You will raise the bar for our security processes, procedures and controls across our organization ensuring they are designed and implemented to levels that will satisfy an independent audit. As part of a team-based organization, your contributions will significantly impact the growth of our business via Sonar’s “collective intelligence” mindset.
On a daily basis, you will
- Lead the implementation of the trust service principles required for SOC compliance and manage the auditing of the systems and processes to obtain SOC2 and SOC3 reports
- Lead the continuous improvement of the ISO 27001 Information Security Management framework, the audit lifecycle and resolution of findings
- Operate compliance monitoring to ensure compliance with internal security policies
- Liaise with all departments to assess the compliance gaps, determine the remediation actions to close them, and track and report progress
- Manage security risk assessments, and control design and testing activities
- Manage the implementation of other standards such as ISO27017 and ISO 270018
- Periodically provide or source metrics, report on status, gaps, exceptions and risk through key indices
- Support information security awareness, training and educational activities
The skills you will demonstrate
- You have at least 5 years of experience implementing and maintaining compliance with ISO 27001 standards and the SOC trust principles
- You have extensive experience managing internal and external audits through careful preparation and post-audit activities
- You have excellent knowledge and experience in the management of risk
- You have excellent organizational and planning skills
- You have strong knowledge of all IT disciplines, IT service management and delivery
- You have experience addressing Information Security issues in a broad range of IT infrastructures and technologies
- You have experience with SaaS/Cloud technologies and on-premise software delivery
- You have experience working on cross-team projects across a global organization
- You have experience reporting and presenting operational activity and project progress
- You are a friendly, enthusiastic and organized team player
- You actively share your knowledge and give and receive feedback, to improve the team and yourself
- You are fluent in English, both written and spoken
Why you will love it here
• We value a safe work culture - founded in respect, kindness, and the right to fail.
• We hire great people - we value communication skills as much as technical prowess and we strive to create a work environment that allows for everyone to succeed and feel empowered to do their best work. Our 500+ SonarSourcers from 35 different nationalities can relate!
• Work-life balance - a healthy work-life balance is very important at Sonar.
• Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
• We promote continuous learning - in an ever-changing industry, learning new skills is the key to growth and success! We're happy to support all employees in this journey if desired.
What we do
As Home of Clean Code, Sonar is the ultimate solution to achieving Clean Code for developers and organizations alike.
The company was formed to develop the open-source tool SonarQube, which has since become the go-to standard in code quality management. We strive every day to pave the way for developers, tackling the toughest issues head-on and pushing the limits of what’s possible.
Who we are
At Sonar we believe in people, dedication, and innovation. We’re a team of problem solvers who are passionate and relentless in their respective missions. We want to work with people who are ready and willing to fasten their seat belts and be part of an incredible ride!
Our Core Values are: Smarter Together, Excellence, Innovation, and Delivery. They reflect our unique culture and we expect them to help shape and positively strengthen our organization.
If you want to learn more about our culture, check out our blog post.
Join us; we’ll be smarter and stronger together!
Sonar is an equal-opportunity employer and is committed to treating every employee with equal respect and fairness. We maintain a zero-tolerance policy toward any form of discrimination. All candidates will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, veteran status, disability, or any other legally protected status.