Security Manager
Fleetworthy offers the only complete technology suite for fleet readiness, uniting safety and compliance, toll management, and weigh station bypass solutions. We help fleets streamline operations, control costs, and operate with confidence.
Trusted by 75% of the top fleets in North America, Fleetworthy offers the most adopted toll management solution and largest weigh station bypass network. Going beyond regulatory requirements, our safety and compliance capabilities strengthen safety programs and enable proactive audit readiness. We support millions of vehicles and drivers and are recognized across the industry for innovation and leadership.
Fleetworthy is shaping the future of fleet readiness with AI-enabled, connected fleet technology that keeps drivers safe, fleets compliant, and operations running at peak efficiency. Learn more at fleetworthy.com.
We’re hiring a forward-looking Security Manager to lead and mature our security and compliance program. This is a managerial role that blends technical ownership, program leadership, and business-aligned risk management. The right candidate will take a risk-based approach to protect systems and data, drive continuous improvement, and own annual ISO 27001 and SOC 2 audit readiness and execution.
Core Responsibilities
Risk, Strategy & Program Leadership
- Define, maintain and evolve a risk-based security strategy and roadmap aligned to business objectives.
- Lead formal risk assessments, maintain a risk register, and prioritize remediation by business impact and likelihood.
- Translate risk decisions into measurable security initiatives and KPIs.
Compliance, Audits & GRC
- Own end-to-end ISO 27001 and SOC 2 programs and ensure timely completion of annual audits (internal and external).
- Coordinate audit planning, evidence collection, remediation tracking, and auditor liaison.
- Maintain policy acceptance and staff compliance using our GRC platform. Drive attestations, exceptions, corrective actions, and reporting.
- Prepare readiness assessments, internal audit schedules, and continuous monitoring to maintain certification and attestations.
- Host Incident Response Tabletops aligned with our ISMS IR policy.
Policy & Standards Management
- Create, revise and operationalize security policies, standards and procedures to ensure they are functional, enforceable, and compliant with ISO 27001, SOC 2 and applicable laws/regulations.
- Ensure policies reflect operational realities (performance, availability, business workflows) while meeting security and compliance objectives.
- Run the policy lifecycle: drafting, stakeholder review, approval, publishing, implementation, training and periodic review.
Technical Program & Operations
- Serve as the company’s primary internal and external representative for security concerns, events, and incident response activities.
- Oversee vulnerability management, patching, endpoint protection, identity & access management, and cloud security controls across on-prem and cloud environments in collaboration with our IT Support team.
- Define security requirements and review system designs, including cloud (AWS/Azure/GCP) and hybrid architectures.
- Partner with IT and Development to ensure secure system configuration, logging, monitoring, and incident readiness.
- Lead security incident response coordination, post-incident reviews and remediation ownership.
People & Cross-Functional Collaboration
- Mentor and grow security team members; set clear objectives and career development plans.
- Act as the security liaison to the business to align security with business priorities.
- Oversee third-party/vendor risk assessments and security requirements for procurement.
- Meet with customers to address security & compliance questions.
Other
- Own budgeting and sourcing of security tools and services.
- Execute other duties typical of a security manager as required.
Skills & Qualifications
Required
- 5+ years of hands-on security experience with at least 2 years in a security leadership or manager role.
- Demonstrated experience owning ISO 27001 and SOC 2 programs, including successful audit cycles and remediation.
- Strong practical knowledge of risk management frameworks and a documented, risk-based decision process.
- Hands-on familiarity with cloud platforms (AWS, Azure), identity & access management, endpoint protection, SIEM/EDR and vulnerability scanning.
- Experience with GRC platforms and running policy attestation workflows (e.g., Drata, Vanta).
- Excellent written and verbal communication skills. Ability to author clear, enforceable policies and communicate risk to technical and executive audiences.
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
Preferred
- Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor.
- Prior experience supporting hybrid environments (on-prem + cloud) and virtual infrastructure (VMware).
- Familiarity with SOC 2 auditor expectations, control mapping, and evidence generation.
- Experience with automation, scripting, and security tooling integrations.
Compensation
Up to $105,000 USD Yearly
Fleetworthy is committed to fostering a diverse and inclusive culture that is respectful and welcoming of individual differences. We are proud to be an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or maternity status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations.