Job Title: VP, Security & Platform Engineering
Location: New York, USA
Salary: $200k – $250K
Reporting to the Chief Technology Officer, the VP, and Security & Platform Engineering is responsible for the development of the company’s DevOps, Security and Compliance strategies. The role of VP, Platform Engineering is to provide the leadership and guidance necessary for an organization to manage the risks to the confidentiality, integrity and availability of the organization’s intellectual property, security and system operations.
The position oversees the DevOps, Security and Compliance departments, and is also responsible for design and implementation of preventative security standards, procedures, and programs as well as IPO readiness compliance measures across system, vendor and infrastructure concerns.
- Oversee a team of DevOps, SecOps and Compliance professionals, whose mandate is to manage risk and safeguard the company’s assets, intellectual property and cloud-based infrastructure and adhere to any compliance requirements.
- Establish and maintain global security policies, standards and guidelines and implement process and procedure to ensure an acceptable risk level is maintained. Information protection responsibilities will include network security architecture, network access and monitoring, data access and monitoring, identity and access management, employee education and awareness.
- Review and approve security and compliance policies and controls to manage risk, such as, but not limited to, data loss prevention, identity and access management, fraud prevention, intrusion and penetration management, privacy and compliance and business continuity planning.
- Identify and approve the selection and design of security, compliance, systems, tools and devices, and maintain ongoing supp m’ ort and currency of such processes, systems, tools and devices.
- Liaise with the Engineering, Product, QA and Information Delivery teams to ensure that developments are consistent and compliant with compliant Change Control, Software Development Life Cycle and Risk Management policies and processes.
- Establish and manage the Information Security and Risk Management Strategy, inclusive of the Incident Response Policy and Process in partnership with our IT Team.
- Oversee incident response planning as it pertains to the security and compliance landscape.
- Investigate security breaches and participate in disciplinary and legal matters associated with such breaches as necessary. Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Maintain current understanding of security standards and regulations and ensure compliance with the changing laws and applicable regulations; translates that knowledge to identification of risks and actionable plans to protect the business.
- 12+ years of relevant professional experience, with a minimum of 8 years in a leadership role with direct technical responsibility at either a best-in-class enterprise or high growth startup with proven experience hiring, training, and managing effective teams.
- Experience in IPO readiness; particularly compliance across the areas of systems, vendors and infrastructure.
- Proven ability to communicate and collaborate effectively with engineers and non-engineering stakeholders alike across varying levels of seniority with excellent communication, adaptability and collaboration skills.