director information security specialist

L2L
Full Time Remote 10.56 - 12.04 USD Today
Job description

About L2L

L2L is a leading SaaS platform for global manufacturers. We help these manufacturers digitize their processes to improve efficiency, reliability, and profitability. Our platform improves operating productivity for over 175,000 users across the globe, helping them reduce machine downtime, improve response time to production issues, and reduce the cost of overall plant management. L2L is backed by M33 Growth, a growth-focused private equity firm in Boston, Massachusetts that provides both capital and resources to develop already-great businesses into market leaders.

About the Role

We seek an experienced Information Security and Technology professional, based in the greater Salt Lake City, Utah area, to own and manage our SOC 2 Type 2 - NIST 800-171 compliance program and various internal IT processes. The successful candidate will ensure the company is compliant through efficient and streamlined internal systems and processes while understanding the larger business needs and objectives.

This position will be responsible for administering our Drata GRC solution, used in monitoring and tracking controls compliance. This position will ensure the IT system administration for our various systems follows our policies and procedures. The ideal candidate will have a passion for security, attention to detail, and strong communication skills to effectively communicate our compliance status with internal employees and customers. Prior experience in SOC 2, NIST 800-171, and FedRAMP frameworks and associated processes is required.

You will work cross-functionally with the leaders of the finance, sales, marketing, support, product, and engineering teams to ensure the processes are streamlined and evidence collection is as automated as possible to maintain our compliance.

This is a remote work position for candidates in the greater Salt Lake City, Utah area where a large part of our Engineering team is located.

What you’ll do:

  • Accountable for our Comprehensive Information Security / Cybersecurity Program
      • Evaluate cyber security threats, risks, vulnerabilities, and processes to determine the relative risk to the product, system, and organization.
      • Lead information security risk assessments and control selection activities.
      • Perform pen-testing and other security-related audits.
      • Monitor audit results to identify findings and potential risks.
      • Work to resolve findings with various control owners.
      • Effectively manage up to the CTO and Executive team – present plans, strategies, and proposals for additional budgetary spend.
  • Accountable for Compliance Related Programs and Activities
      • Accountable for ongoing compliance and audit activities.
      • Utilize automation to reduce the manual overhead associated with audits and compliance.
      • Maintain SOC 2 + NIST 800-171 compliance and any additional compliance activities.
  • Own Processes and Tools
      • Establish and maintain all security-related processes, policies, and procedures.
      • Accountable for our core security toolset (Drata, AWS Security Hub / Inspector, etc.)
  • Support Customer Security Reviews
      • Educate customers on our compliance program during the sales cycle.
      • Work with customers to complete security reviews, audits, and questionnaires
  • Drive InfoSec Culture
      • Educate and evangelize the importance and benefits of security to company employees to inspire adoption, responsible behavior, and lower security risk.
      • Drive continuous improvement by updating our security-related initiatives and priorities as new information becomes available.
  • Drive IT System Administration Program
      • Establish and maintain a corporate System Administration Program
      • Work with various system administrators in the company to ensure we follow best practices and security policies.
      • Act as an administrator for common corporate systems without an assigned admin.

What you need:

  • A strong, passionate, optimistic, team player with a "will do" attitude that is contagious.
  • Must have a strong sense of urgency and a continuous improvement mentality.
  • Leadership competencies with the ability to influence key stakeholders and work closely with them to determine acceptable solutions.
  • Strong organizational, communication, and presentation skills, both verbal and in writing.
  • Experience leading information security programs at a software company utilizing the AWS cloud security tools and services.

Qualifications

  • Bachelor's Degree (or equivalent experience) – Computer Science, Engineering, Information Technology, or related discipline.

  • A minimum of 5 years of experience in Information Security
  • 2+ years of experience using Drata’s GRC solution.
  • 2+ years of security auditing experience
  • Prior experience with SOC2, NIST 800-171, and FedRAMP compliance
  • Must have a solid understanding of data privacy laws (GDPR, CCPA, etc.)
  • Security-related certification (CISSP/CISM/CRISC)
  • IoT & edge device experience is a plus.

To Apply

Please email your resume to [email protected]

L2L

www.l2l.com
Salt Lake City, UT
John Davagian
$5 to $25 million (USD)
1 to 50 Employees
Company - Private
Computer Hardware Development
2010