What You’ll Be Doing
Develop and maintain-multi year security risk management capability roadmap
Build and mature policy and control framework supporting various standards including ISO 27001:2013, SOC 2, GDPR, and data protection laws.
Manage and improve our customer-acing processes including due diligence questionnaires, supporting our sales cycle, and security contract negotiations
Lead and improve IT Security initiatives including Identity Lifecycle Management, Endpoint Security, DLP, Security of SaaS services in cloud environment
Drive continuous improvement to third party risk assessment
Maintain and mature comprehensive security awareness and training programs
Ensure the security of the organization’s financial, physical and intangible assets through a balanced, holistic and integrated approach to the following: People, Process, and Technology
Lead our effort to create and enhance ITGC (Information Technology General Controls) compliance
Collaborates with security vendors, safety, facilities, leadership and human resources to resolve security related matters and issues as necessary
Lead development of Security KPIs and metrics to track security program effectiveness
Qualifications
Proven leader with a track record of building, growing and mentoring teams to drive results
4-6 years of security experience in relevant security domains (compliance, IT security, security risk management, etc)
Thorough understanding of security principles in a SaaS environment, what it takes to secure data, and how to communicate security concepts to customers and stakeholders
Deep understanding of ISO 27001:2013 and SOC 2 reporting
Solid fundamentals in Endpoint Security, Cloud Security and Securing SaaS services.
Understanding of user access management on SaaS platforms – experience with Okta an advantage
Ability to analyze information security events, identify threats, and articulate findings
Ability to work both independently and within a team
Experience in developing security policies, procedures, and operational working instructions
Experience recruiting and building out high performing security teams – an advantage
Incident response experience – an advantage
Native English speaker with excellent written and oral communication skills – an advantage