Vice President, Information Security, new York
Vice President, Information Security, you will be responsible for creating and managing a global, enterprise wide security program to ensure that our information assets are adequately protected. Reporting directly to our Chief Technology Officer, you will create strategy, policies and frameworks as they relate to application security, infrastructure security, and compliance and security operations.
- Serve as cybersecurity risk and subject matter expert and advisor for senior management on emerging threats, attacks, vulnerabilities and security concerns
- Cyber risk and cyber intelligence: Be aware of the developing security threats, and help the board understand the potential security problems that might arise from acquisitions or other big business moves.
- Experience with compliance to frameworks such as SOC-2 Type 2, CCPA, GDPR and ISO/IEC 27001 and such programs.
- Contract reviews. Creation of customer facing security collateral, respond to customer’s security related questions, support sales and other customer facing teams.
- Data protection is of utmost importance. Ensure compliance with data privacy, use and sharing. Ensure data access is highly controlled and is for permitted use.
- Champion secure multi-tenant SaaS architecture practices. Develop threat models and engage in ongoing development discussions on secure architecture.
- Develop a world class security team with an agile, nimble and secure mindset.
- Work with the global engineering team to ensure alignment between security and development practices. Operationalize a security tool stack and secure SDLC.
- Ensure ongoing penetration testing with existing and new product launches
- Threat monitoring and response to security threats emanating from external or internal factors.
- Security Incident Management.
- Direct Corporate IT Security and secure computing in the workplace.
- Bachelor’s degree in Computer Science or similar technical field, Masters preferred.
- Professional certification in security or risk management such as CISSP and CISM
- 12+ years of proven IT security experience with 4+ years in a senior leadership role
- Prefer someone with a technical background through application or infrastructure vs. compliance and program management.
- Experience with software/SaaS multi-tenant products is a huge plus.
- Ability to lead and motivate cross-functional teams while thriving in a fast-paced growing company
- Experience in identifying security issues and risks, and developing mitigation plans
- Designing, implementing, and enforcing security programs
- Excellent communication, interpersonal and leadership skills, able to communicate security concepts to both technical and nontechnical audience
- We are looking for a critical thinker, with strong problem-solving skills. Someone who can build an awesome security function, which drives action through strong advocacy and importance of security vs. being a security cop!
- We have a globally distributed client base and engineering team. Experience working with and embracing the global nature of our business is imperative.
- Ability to have fun, kick back and inspire!
- Firewalls, intrusion detection software and network authorization configurations. Experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
- Experience in scripting / programming experience such as Ruby, Python, Shell/BASH etc.
- 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, threat modeling, pen tests, or vulnerability assessments
- Understanding of data security at rest and in motion, data entitlement, data privacy controls, data audibility, data expiration and data sharing, Identity & Access Management, SaaS Models, Identity Federation etc
If you would like to be considered for this positon, please send a copy of your CV to firstname.lastname@example.org