Date Posted: October 5, 2019
The Vice President of Information Security will act as the company’s Chief Information Security Officer. This role is highly visible and has the ability to shape the way our company functions and operates from a security perspective. The Vice President of Information Security / CISO will be empowered to implement information security compliance processes and procedures while also being the subject matter expert in all things security, and will be part of the Executive Leadership Team.
What You'll Be Doing
- Accountable for company-wide strategy on information security practices, policies, procedures, staff, security compliance, budget, and the tactical execution of those strategies.
- Manage information security organization including hiring, performance management, and staff development.
- Collaborate as a peer with leaders of IT, Software Engineering, Software QA, Product Management, Legal, and other senior management to ensure all aspects of our security program are effectively implemented, reviewed, and maintained.
- Ensure compliance with security standards, audits, and regulatory requirements including FedRAMP, SSAE18 SOC2, ISO 27001/2, and the requirements of our clients and business partners.
- Provide input and support from the Information Security perspective on privacy laws and regulations including GDPR, CCPA and other related state and federal laws.
- Coordinate responses to customer security questionnaires, RFPs and Audits.
- Meet with customers, as a peer to Sales, to establish confidence in the company’s security systems and processes.
- Ownership of information security: compliance, operations, audits, third party provider compliance, and testing.
- Collaborate with Information Technology in support of Disaster Recovery and Business Continuity.
- Serve as primary liaison to key vendors, business partners, customers, and prospects on information security matters, including but not limited to possible mergers and acquisitions.
- Report periodically to executive management on our security program, material risks, and related matters.
- Responsible for company-wide information security risk management, incident management, security education and other related topics as appropriate.
- Manage response to evolving security threats and compliance requirements.
- Function as CISO and other designated roles as required.
Required Education, Experience and Certifications
- MBA in a technology-related field, or equivalent work or education experience.
- A minimum of 10 years’ experience in an information or cyber security role including experience managing a successful team.
- Relevant certifications (CISSP, CISA, CCISO, CIPM and CGEIT) are desired, in lieu of at least 10 years in an information/cyber security and/or IT compliance leadership role.
- Experience with the NIST and/or FedRAMP security frameworks is preferred.
- Previous experience with a mission-critical 24/7 SaaS application.
- Proven track record and experience in development and execution of information security policies and procedures.
You will be responsible for maintaining the Company’s information security program and identifying opportunities to improve it. You will be required to periodically report to the executive team on the organization’s security and risk posture.
The role requires both technical information security management experience and project / security program management experience.
Ideal Candidate Characteristics
The right candidate will describe themselves as:
- A take-ownership type of person - you love your job and pride yourself on doing it well
- You are motivated by challenging projects
- You like problem solving
- You see the big picture while not losing sight of the details
- You are intellectually inquisitive; you often find yourself Googling something for the fun of it
- You like to get things done and you like empowering others to get things done
- 10+ years’ experience in an information security leadership role
- Experience in a technology/engineering/computer science related field, or relevant employment experience
- Experience managing any of the following security frameworks: FedRAMP, NIST or ISO
- Demonstrable project management and team management experience
- At least one of the following certifications is preferred: CISSP, CISM, CIPM, CIPP, CFE, CISA or SANS GIAC. If not already maintained, Company is willing to support CISSP certification within 6 months of hire.