Job Description
Check Point’s Harmony SASE is looking for an Information Security Manager to join its staff.
This is a unique opportunity for you to work in the #1 worldwide Cyber Security Company, gain expertise and experience leading the information security program for the best of SASE (Secure Access Service Edge).
As Information Security Manager you will:
Governance, Risk & Compliance
- Lead and manage the Product Security team
- Build, operate, and continuously improve the Harmony SASE Information Security Management System (ISMS), aligning policies, standards, and controls with Check Point and industry best practices.
- Own the Harmony SASE compliance roadmap - lead and maintain certifications and attestations including ISO/IEC 27001, SOC 2 Type II, GDPR, IRAP and C5
- Lead enterprise risk assessments and the third-party / vendor risk program, ensuring risks are identified, prioritized, and treated.
- Coordinate internal and external audits, manage evidence collection, and remediate findings to closure.
Product & Application Security
- Develop and implement a comprehensive AI - Secure Software Development Lifecycle (AI S-SDLC) framework, embedding security into every phase of the SDLC and CI/CD pipelines.
- Conduct threat modeling and secure architecture reviews for new and existing Harmony SASE features, partnering with R&D to mitigate vulnerabilities by design.
- Operate the application security tooling stack - ASPM, SAST, DAST, SCA, AI Security Scanning and secret scanning - at scale, and partner with development teams to drive findings to remediation while maintaining developer productivity.
- Champion secure coding practices and OWASP Top 10 awareness across R&D.
Operational Security & Incident Response
- Lead security incident response for Harmony SASE - preparedness, detection, containment, eradication, recovery, and lessons-learned - covering both product and information security incidents.
- Oversee identity and access governance, ensuring least-privilege, segregation of duties, and access reviews across production and corporate environments.
- Design and operate security automation to enhance the efficiency and coverage of security operations.
Security Culture & Enablement
- Foster a culture of security awareness and continuous improvement; deliver targeted training for engineers, operations, and broader staff.
- Lead responses to customer security questionnaires, RFPs, and due-diligence requests, representing Harmony SASE’s security posture to customers and partners.
- Stay current on the evolving Threats Landscape, regulations, and technologies, and translate them into pragmatic improvements to the security program.
You’ll enjoy:
- Interact with executives, managers, engineers across the company
- Be the best security expert and knowledgeable you can imagine
- Sharing your day with fun, passionate, brilliant people
Qualifications
We are looking for you:
- Bachelor’s degree in computer science, Information Security, or related field.
- Minimum of 5 years of experience in information security or application/product security, with at least 2 year in a leadership role.
- Proven experience building or operating an Information Security Management System (ISMS) and leading certifications such as ISO/IEC 27001 and SOC 2.
- Working knowledge of GDPR, PCI-DSS, and NIST CSF / 800-53; familiarity with HIPAA, FedRAMP, DORA, Cyber Essentials, C5, IRAP, AI Security Frameworks and the Cloud Controls Matrix (CCM).
- Hands-on experience with S-SDLC, threat modeling, and application security tooling such as ASPM, SAST, and DAST in complex, high-scale environments.
- Strong understanding of risk management, third-party risk, identity and access governance, and incident response.
- Excellent communication and leadership skills, with the ability and passion to drive change across R&D and the broader organization.
- Reports to the Harmony SASE Head of Architecture (R&D Director) and partners closely with R&D, DevOps, IT, Legal, and the Check Point Corporate Security organization.
- Relevant certifications such as CISM (preferred), CISSP, CCSP, ISO 27001 Lead Auditor / Lead Implementer, CCSP or CSSLP are desirable.
- Proven experience in a similar role at another leading SaaS, cloud, or cyber security company.
#LI-NK2