About OnPay

OnPay is a fast-growing software company headquartered in Atlanta offering a modern cloud-based payroll, HR, and benefits solution for small to mid-size businesses. Over the last year, our headcount has increased by 100%. We’re currently seeking talented and curious individuals to join our team. We want to hear from you if you are interested in joining an exciting and fast-growing company!

Job Summary:

As a SecOps Director, you will lead and ensure OnPay’s security posture, building protocols for security either early in the development cycle or as part of external application and tool adoption. As a senior thought leader in the organization, you will provide guardrails & guidance to software development teams, as well as mentoring & coaching on SecOps best practices.

Success in this role will include leadership and successful execution in the areas of vulnerability assessment and scanning, certificate management, password policy management, data analysis of security monitoring outputs, coordination of remediation plans, and other security and compliance efforts.

Role Responsibilities:

• Responsible for all facets of application and cloud security, working cross-functionally in a fast-paced environment, wearing multiple hats

• Oversee third-party risk management from a security perspective, as well as standard security programs such as vulnerability management, incident management, data protection, logging, and monitoring

• Act as audit liaison and ensure OnPay remains compliant with SOC2

• Work with Dev teams to drive the development of a unified strategy for secure development

• Create, promote and advocate corporate-wide security awareness programs

• Implement processes and methods for auditing and addressing non-compliance to information security standards

• Key stakeholder for security breaches and incidents associated with all systems and services

• Work with business leaders on data classification, security requirements, and exposure mitigation steps

• Accountable for proactively monitoring for intrusion attempts and all other security threats and implementing practices to safeguard OnPay’s data and technology assets

• Provide Security updates to Executive Team on an as-needed basis

• Monitor CVE and other available data feeds for potential cybersecurity vulnerabilities

Traits and Skills We Seek:

• Proactive, a self-starter, and able to work independently with minimal direction

• Strong collaborative and communicative mindset

• Exceptional verbal and written communication

• Innovative thinking and leadership

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.

• Specific experience in Agile software development or other best-in-class development practices

• Natural approach toward data-driven decisions

• Proven track record and success in leading a Security, including the development and implementation of security policies, procedures, and safeguards

Education and Experience:

• 7-10 years of Risk Management, InfoSec, IT, and/or Cyber Security experience in a SaaS environment with a Degree in a technology-related field

• Experience in establishing cybersecurity and risk metrics for reporting

• Experience working with other corporate areas to ensure compliance with all data security regulations with SOC2

• IT-GRC, GRC, CSOX, CSOXP, CISSP, or CISA certifications are a plus

• Experience with security tools and platforms, Endpoint and Server protection, Network protection, Firewalls, etc.

Perks:

• A casual team-oriented environment with a solid work/life balance and flexible work options
• Stock Options
• Four weeks of paid time off plus paid holidays and generous Parental Leave
• Medical, Dental, Vision, 401(k), Short-term/Long-term Disability, and Life Insurance
• On-site training at our Ponce City Market HQ
• Stocked kitchen with a variety of snacks and drinks
• Ponce City Market employee discounts & more!

OnPay is an equal-opportunity employer. OnPay makes all employment decisions without regard to gender, sexual orientation, gender identity, race, color, religion, age, pregnancy, national origin, veteran status, disability, or any other classification protected by applicable laws.