Information Security Manager
Who We Are
DISCO is a legal tech software company. Our objective is to own the legal tech market and become the leader in legal as Salesforce has done in the sales technology space. Given the massive growth of data over the last 20 years, poorly built legal technology products have severely decreased lawyers’ ability to practice law.
Our fundamental mission includes building a unified technology platform for the practice of law, composed of 7+ products released over the next 10 years. Great technology can solve problems of scale in data, in laws, and in business operations that have distracted lawyers from doing what they went to law school to do. DISCO is fixing the law by automating the parts of the practice that can be automated so that great lawyers can focus on tasks that really do require human legal judgment.
To date, we have substantially disrupted the legal tech market with a lawyer-inspired consumer-grade interface and a cloud-enabled technology platform that offers unprecedented performance and cost savings. Thoughtful product planning and product design are core tenets in our “product first” business strategy and culture.
We intend to build a multi-billion dollar business and think you should come along for the ride because:
- DISCO is a very successful company more than doubling revenue every year for the last 5 years. We were the first movers to a cloud-based platform that has caused mass disruption within our market.
- Our CEO is a true market visionary. He graduated with a computer science degree at the age of 15 and followed with a JD from Harvard Law School at the age of 19. His unparalleled insights into the fundamental issues in legal and the potential of technology and artificial intelligence to change our market at its core provide the guiding light for DISCO’s long-term strategy.
- We believe that product delivery professionals including product managers, product designers and engineers differ from one another by at least a factor of 10. At DISCO, we only hire the top 1%, pay them well, and with equity, everyone has effectively been getting a raise each and every day. Given our product first mindset, product professionals are very much stars of the show. Our logo, the circle and square, represents the best lawyers and the best product professionals in the world.
- We measure product delivery velocity by dollars of revenue per line of code, vs simply lines of code. This drives a very thoughtful and deliberate product design and development process that ensures we’re going to make money when we ship products. We hire many more product managers and designers per engineer than most companies to ensure that our engineers have a disambiguated product intent when they are building.
- As a rule, we don’t commit to external product delivery dates as we believe that unnecessarily constrains our creativity from both a product and technology point of view.
- At DISCO, respect isn’t earned; it is assumed. Good humans inherently treat everyone respectfully. This is a very important concept at DISCO.
- Given the high level of talent at DISCO, the cutting-edge cloud-based technology stack, and thoughtful and novel product and design approach, you’ll find yourself learning at a rate you’ve not likely experienced in your career. Given that we only hire professionals that are passionate about their craft, you’ll truly enjoy building a great software product and get in the best “career shape” of your life.
- Over the next 4 years, we’ll be growing our product delivery organization from 85 professionals to 500+. There will be incredible growth opportunities along the way.
- We use the “2 Pizza Team” organization design where small autonomous teams own a piece of a product or platform and ship software at rates comparable to a very lean and scrappy startup. We achieve consistency across these teams in the areas of design, product-wide use cases and technical concerns through a strategically focused set of overlay functions.
- Finally, while we’re an incredibly fast growing organization, as a rule, we do not work crazy long hours. We believe in continuous product delivery, continuous product planning and design, continuous regular sleep schedules, continuous regular vacation, and continuous fun if you’re passionate about your craft.
If you want to win while getting better than you’ve ever been, come to DISCO.
Security is an ever-changing landscape and we always have to adapt. We are on a mission to protect our customers’ sensitive data by thoughtful automation of traditionally manual efforts so that we can focus on meaningful security improvements and monitoring.
What You'll Do
Assess and protect information by:
- Handling incoming Information Security Assessment requests from Sales and Vendors including Master Service Agreements reviews.
- Managing the documentation of Policies, Procedures, and Controls in our compliance management systems (e.g. JupiterOne).
- Handling evidence coordination for: recertification, new certifications, internal audits, and vendor assessments.
- Coordinating the collection of Vulnerabilities in a consolidated manner, then prioritizing them in a backlog by risk (e.g. scored using CVE methods), assigning them to the right group(s), and reporting on status.
- Managing Disco (outgoing) 3rd Party Vendors with new and recurring security assessments.
Who You Are
- Have attained a lead certification of SOC 2 and ISO 27001 efforts.
- Experience with Information Security governance processes, tools, reporting, and documentation.
- Experience with cost/benefit analysis in a cloud setting (e.g. AWS, Google, Azure, etc).
- Experience coordinating tasks to complete 3rd Party Assessments.
- Experience with one or more of the following standards/frameworks: HIPAA, HITRUST, NIST 800-53, GDPR, California Privacy (CCPA), Texas Medical and Identity Privacy Acts.
- Experience with Risk Management in both a compliance and security context.
- Experience writing Policies, Procedures, and Controls in one or more standards/frameworks.
Even Better If You Have...
- Or aspire to have a Certified Information Security Manager (CISM) certification.
- Exposure to International Traffic in Arms Regulations (ITAR).
- Used an Asset Database to govern compliance and security concerns.
- Experience with automating evidence collection and documentation publication.
- Experience protecting controlled unclassified information in non-Federal systems and organizations (e.g. NIST 800-171).
DISCO’s Technology Stack
Cloud Provider - AWS: EC2, Lambda, Aurora, Redshift, DynamoDB, ECS, SQS, SNS, Kinesis, S3, CloudFront, CloudFormation, SageMaker, KMS, CodePipeline, etc.
DSL-based Search: multiple large scale Elasticsearch Clusters searched using our Disco Query Language (DQL).
Event Bus: Kafka and Schema Registry
3rd Party Vendors: Redis, Auth0 for Cloud Identity Federation (SSO, SAML, etc).
AI: MinHash, FastText, Word2Vec, Convolutional Neural Nets, Algorithmia (Lambda with GPUs) for training, PyTorch, Recurrent Neural Networks, Latent Dirichlet Allocation for Topic Modeling, etc.
Deployment: Terraform, Docker (via ECS), Consul for: App Config, Service Discovery, Shared Secrets.
Visibility: ELK Stack for logging, Datadog, New Relic, Sentry.io
Transport Mechanisms: Protobuf, Avro, HTTP REST/JSON
CI/CD: Jenkins, CodePipeline, GitHub, Artifactory
DISCO is a recognized leader in legal technology — and we’re just getting started.
Founded in 2012, DISCO’s mission is to create great technology to modernize the practice of law. Our solutions apply artificial intelligence and cloud computing to help lawyers and legal teams improve legal outcomes for their clients. Corporate legal departments, law firms, and government agencies around the world use DISCO as their ediscovery solution for compliance, disputes, and investigations.
Annual company revenues have more than doubled every year since our founding. We have raised more than $135 million in venture capital, more than any other enterprise legaltech company. We are using this investment to accelerate growth in the $12.5 billion ediscovery market — and to expand our platform beyond ediscovery, applying our unique combination of world-class engineering and deep legal expertise to build products that will transform other areas of legal practice. We opened our London office in 2018 and have plans to further expand our presence outside the United States.
Are you ready to revolutionize the practice of law? Join us!
Perks of DISCO
- Open, inclusive, and fun environment
- Benefits, including medical, dental and vision insurance, as well as 401K
- Competitive salary plus discretionary bonus
- Flexible PTO
- Free catered lunches every day as well as free snacks and beverages
- Opportunity to be a part of a startup that is revolutionizing the legal industry
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.