Amicus.io is looking for a Manager of Infrastructure, Operations, and Security who is a hands-on leader responsible for implementing a comprehensive information security program, driving continuous improvement through DevOps and IT infrastructure support. Manage a team of self-starters to improve and innovate on behalf of the Customers and create opportunities for them to realize their potential and support their long term aspirations.
Duties and Responsibilities (Essential Job Functions)
- Responsible for building a transparent data driven DevOps organization, strategy and driving repeatable process and procedures in support of multiple always-available cloud-based SaaS applications.
- Supports automated and continuous production application deployments, building new systems and upgrading and patching existing ones.
- Uses monitoring tools to find and report on problems, resolve and/or partner with development and ensure that meets/exceeds SLAs.
- Manages the building of tools, processes and procedures to support the infrastructure and contribute to the formalization of system support documents, processes, procedures and checklists.
- Has an “Automate Everything” mindset to support scalable growth and promotes the use of scripting and frameworks to build required automation and tools. Drastically reduce cycle times and perform client upgrades without any downtime.
- Troubleshoot performance and scalability issues in products and infrastructure. Apply your problem-solving skills to peel away the layers to understand the core issue and address it with elegant solutions.
- Continually seek ways to improve support for the development team by regularly interfacing with Engineering and Product leadership.
- As a Hands-on Manager, participate in design, implementation and administration of all enterprise systems, and serve as inhouse expert.
- Manage, test, and implement patching and other updates to enterprise systems infrastructure.
- Oversee the network performance and performance tuning, troubleshooting network problems and escalating problems to outside vendor when necessary.
- Administers all systems backups. Perform and test backups and restore functions on a scheduled basis.
- Maintains enterprise systems related functions related to disaster recovery, and mobile access.
- Protects and ensures confidentiality and security of enterprise information.
Information Security and Compliance
- Assess the people, process, and technology to identify risks and vulnerabilities, and evaluate the effectiveness of existing security and privacy programs based on changing laws and regulations, industry security trends, vulnerabilities identified during audits, scans, and monitoring, and reviews of policies and procedures. Identify and plan improvements to security and privacy to meet Company and Client security requirements.
- Minimize the risk of business impact from incidents by managing and practicing a comprehensive business continuity and disaster recovery plan.
- Manage an incident management program to review, classify, and/or mitigate incidents in accordance with the identified level of risk. Manage the incident response to incidents, identify and implement solutions to prevent the incident from happening again, formally document the incident, and communicate the incident to internal stakeholders, external clients, and the appropriate Government and local officials.
- Own responding and remaining compliant to all information security, SOC2 Type 2, CCPA, GDPR initiatives, and requests, working closely with the business operations and DevOps teams.
- Perform customer/vendor risk assessment, including reviewing vendor/customer security and infrastructure architecture. Manages customer/vendor audits related to privacy and compliance and re-qualifying them on a scheduled plan.
- 10+ years of progressive experience in Information Technology in the areas of Software Development, Infrastructure Operations and Information Security.
- 5+ years of experience in SDLC and Infrastructure and DevOps.
- Prior experience implementing Information Security and Compliance programs.
- Experience with automating cloud native technologies, deploying applications, and provisioning infrastructure.
- Hands-on experience with Infrastructure as Code, using CloudFormation, Terraform, or other tools.
- Experience developing cloud native CI/CD workflows and tools, such as Jenkins, Bamboo, Code Deploy (AWS) and/or GitLab.
- Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology.
- Certifications such as CISM, CISSP, Solutions Architect Pro, DevOps Engineer Pro, SysOps Admin.
- Experience in financial services or other highly regulated industries.
- Experience with monitoring and log aggregating frameworks such as Kafka, Logstash, ElastiSearch, and Kibana.
- Experience implementing and designing cloud native security concepts or DevSecOps.
Physical Requirements & Working Conditions
- Works in an office environment involving sitting most of the time at a desk in front of a computer. The worker is subject to close visual acuity to perform activities such as preparing and analyzing data and viewing a computer screen to read and enter
- Travel Requirements – Less than 10% travel is required to perform the essential requirements for this role.
This is not necessarily an exhaustive list of all responsibilities, performance standards, measurements, skills or requirements associated with this job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require other or different tasks to be performed when circumstances change.