Security Manager

We Speak Safety and Efficiency:

In September of 2024, Bestpass, Fleetworthy, ExpressTruckTax and Drivewyze rebranded as Fleetworthy. This rebrand reflects our ongoing mission to simplify fleet safety, compliance, and toll management under one unified brand.

Fleetworthy is revolutionizing road safety and fleet management with a command center for safety, compliance, and efficiency. Our connected suite provides real-time insights and control, enabling customers to maximize efficiency, reduce risk, and save money.

With technology that unifies safety, compliance, toll management, weigh station bypass, and more, Fleetworthy empowers organizations to perform at their best. We simplify operations to ensure every vehicle and driver is not just compliant, but beyond compliant. Supporting millions of drivers and vehicles, Fleetworthy is leading a new era in road safety and fleet technology.  

At Fleetworthy, you’re in the driver’s seat!

We’re hiring a forward-looking Security Manager to lead and mature our security and compliance program. This is a managerial role that blends technical ownership, program leadership, and business-aligned risk management. The right candidate will take a risk-based approach to protect systems and data, drive continuous improvement, and own annual ISO 27001 and SOC 2 audit readiness and execution.

Core Responsibilities

Risk, Strategy & Program Leadership

• Define, maintain and evolve a risk-based security strategy and roadmap aligned to business objectives.

• Lead formal risk assessments, maintain a risk register, and prioritize remediation by business impact and likelihood.

• Translate risk decisions into measurable security initiatives and KPIs.

Compliance, Audits & GRC

• Own end-to-end ISO 27001 and SOC 2 programs and ensure timely completion of annual audits (internal and external).

• Coordinate audit planning, evidence collection, remediation tracking, and auditor liaison.

• Maintain policy acceptance and staff compliance using our GRC platform. Drive attestations, exceptions, corrective actions, and reporting.

• Prepare readiness assessments, internal audit schedules, and continuous monitoring to maintain certification and attestations.

• Host Incident Response Tabletops aligned with our ISMS IR policy.

Policy & Standards Management

• Create, revise and operationalize security policies, standards and procedures to ensure they are functional, enforceable, and compliant with ISO 27001, SOC 2 and applicable laws/regulations.

• Ensure policies reflect operational realities (performance, availability, business workflows) while meeting security and compliance objectives.

• Run the policy lifecycle: drafting, stakeholder review, approval, publishing, implementation, training and periodic review.

Technical Program & Operations

• Serve as the company’s primary internal and external representative for security concerns, events, and incident response activities.

• Oversee vulnerability management, patching, endpoint protection, identity & access management, and cloud security controls across on-prem and cloud environments in collaboration with our IT Support team.

• Define security requirements and review system designs, including cloud (AWS/Azure/GCP) and hybrid architectures.

• Partner with IT and Development to ensure secure system configuration, logging, monitoring, and incident readiness.

• Lead security incident response coordination, post-incident reviews and remediation ownership.

People & Cross-Functional Collaboration

• Mentor, and grow security team members; set clear objectives and career development plans.

• Act as the security liaison to the business to align security with business priorities.

• Oversee third-party/vendor risk assessments and security requirements for procurement.

• Meet with customers to address security & compliance questions.

Other

• Own budgeting and sourcing of security tools and services.

• Execute other duties typical of a security manager as required.

Skills & Qualifications

Required

• 5+ years of hands-on security experience with at least 2 years in a security leadership or manager role.

• Demonstrated experience owning ISO 27001 and SOC2 programs, including successful audit cycles and remediation.

• Strong practical knowledge of risk management frameworks and a documented, risk-based decision process.

• Hands-on familiarity with cloud platforms (AWS, Azure), identity & access management, endpoint protection, SIEM/EDR and vulnerability scanning.

• Experience with GRC platforms and running policy attestation workflows (eg; Drata, Vanta, etc)

• Excellent written and verbal communication skills. Ability to author clear, enforceable policies and communicate risk to technical and executive audiences.

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)

Preferred

• Professional certifications such as CISSP, CISM, CISA, or ISO27001 Lead Implementor/Auditor.

• Prior experience supporting hybrid environments (on-prem + cloud) and virtual infrastructure (VMware).

• Familiarity with SOC2 auditor expectations, control mapping, and evidence generation.

• Experience with automation, scripting, and security tooling integrations.

Compensation

Up to $105,000 USD Yearly