Senior Director, Information Security

OneTrust

IT
Atlanta, GA, USA
Posted on Thursday, February 1, 2024

Strength in Trust

OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. Over 14,000 customers use OneTrust's technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.

The Challenge

As a cloud only SaaS platform, product security is at the forefront of what we do. We strive to build products that are Secure by Design. The Sr. Director of Information Security (GRC) is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. This position requires strong written and oral communication skills, as well as the ability to communicate detailed technical information in a manner comprehensible by individuals at varying degrees of experience and skill. The role requires the ability to speak confidently in front of large groups and with senior management, vendors, and service providers. The Sr. Director of Information Security provides leadership and contributes to the IT security strategy and roadmap. Strong program, people and project management skills are required.

Your Mission

  • The Sr. Director of Information Security reports to the Chief Information Security Officer and is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities.
  • Acts as the functional lead for all activities in the Governance Risk and Compliance (GRC) organization.
  • Builds a growing team of cross functional information security and operations professionals to ensure security issues in our products are detected early and remediated quickly.
  • Provides strategic planning, organization, and technical guidance to GRC department.
  • Is responsible for many functions within the Info Security organization. Such as: Vendor and Customer security, 3rd party risk management, internal risk management, internal and external audits (PCI, ISO, HITRUST, SOC 2, etc.), security policy management, contract reviews, security questionnaires and RFP’s, BCP/DR, security awareness training, etc.
  • Defines technical standards, policies, and procedures for each department to ensure consistency and compliance.
  • Works directly with business units to facilitate risk assessment and risk management processes.
  • Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
  • Partners with stakeholders across the company to raise awareness of risk management concerns.
  • Assists with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
  • Fosters a culture of collaboration, innovation, and continuous improvement within each department.
  • Leads risk remediation analysis and activities identified by internal and external audits.
  • Applies security principles, theories, and concepts to job assignments. Solves a diverse range of complex problems working with limited direction.
  • Oversees the daily operations and activities of the Security Governance, Risk and Compliance (GRC) organization.
  • Works cross-functionally with Core Teams to apply policies that provide end-to-end security across the enterprise environment and the software development lifecycle, including product security, IAM, networking, storage, databases, logging, and CI/CD pipelines.
  • Develops information security strategies and roadmaps based on risk management practices aligning to business needs.
  • Proactively assesses and identifies information security risk, effectively communicates findings, and follows established risk management processes.
  • Reviews and assesses the effectiveness of security controls, processes, and technologies implemented by each department.
  • Collaborates with department heads to optimize resource allocation, budget planning, and staffing requirements.
  • Oversees multiple audits throughout the year. Works with external and internal auditors to maintain compliance and certifications.
  • Oversees penetration testing activities to evaluate the security of applications, systems, and networks.
  • Collaborates with department heads on risk evaluations and on logging issues, risks, and exceptions in our GRC platform.
  • Leads the investigation and resolution of complex security incidents, ensuring lessons learned and continuous improvement.
  • Identifies opportunities to improve, evangelize, and embed security standards and processes into existing processes to ensure standardization of project implementation.
  • Documents detailed security needs and baselines for current and future enterprise environments.
  • Tracks and shares emerging security practices and standards by participating in educational opportunities, reading professional publications, and participating in professional organizations.
  • Subject matter expert in security-related matters, representing the organization in external forums, conferences, and industry working groups.
  • Works with technology vendors to explore opportunities to add value to the enterprise environments.

You Are

  • Technology oriented: You may not be the only hands involved in a project, but you don’t mind getting involved and have deep understanding of current trends and technologies.
  • A Relationship builder: Ability to listen, build rapport, and credibility as a strategic partner vertically within the business unit, as well as with leadership and functional teams.
  • A Strategic thinker: Ability to map joint organizational vision and long-term thinking, imagination, and idea generation.
  • Detail oriented with an eye for quality
  • College BS/BA degree, progressive educational certificate, or equivalent
  • 15+ years of experience in Information Security, specifically in Governance, Risk and Compliance.
  • Audit experience.
  • Risk management experience.
  • Policy writing experience.
  • Experience reviewing contracts for security language and terms, reviews of MSA’s, NDA’s, SOW’s, etc.
  • Business Continuity and Disaster Recovery Planning and Execution experience
  • Customer and vendor security, 3rd party risk.
  • 6+ years as a people leader.

Extra Impressive

  • BA/BS in Computer Science, Engineering, Math, or related subject
  • 15+ years of hands-on information security; security-related cloud operations
  • Security standard methodologies and concepts
  • Preferred certifications: CISSP, CCSP, SSCP, etc.
  • Microsoft Azure experience preferred.
  • Critical thinking, problem-solving, and decision-making capabilities
  • Strong visionary skills to excel in a complex and rapidly evolving environment

For California, Colorado, Connecticut, Nevada, New York, Rhode Island, and Washington-based candidates: the annual base pay range for this role is listed below. Within this range, individual pay is determined by several factors, including location, job-related skills, work experience, and relevant education and/or training. This role may also be eligible for discretionary bonuses, equity, and/or commissions, as well as benefits.

Salary Range
$225,500 - $338,225 USD

Benefits

As an employee at OneTrust, you will be part of the OneTeam. That means you’ll receive support physically, mentally, and emotionally so that you can do your best work both in and out of the office. This includes comprehensive healthcare coverage, remote or hybrid workplace flexibility, flexible PTO, equity stock options, annual performance bonus opportunities, retirement account support, 14+ weeks of paid parental leave, career development opportunities, company-paid privacy certification exam fees, and much more. Specific benefits differ by country. For more information, talk to your recruiter or visit onetrust.com/careers.

Resources

Check out the following to learn more about OneTrust and its people:

Your Data

You have the right to have your personal data updated or removed. You also have the right to have a copy of the information OneTrust holds about you. Further details about these rights are available on the website in our Privacy Overview. You can change your mind at any time and have your personal data removed from our database. In order to do this you must contact us and let us know you wish to be removed. The request should be made on the Data Subject Request Form.

Our Commitment to You

When you join OneTrust you are stepping onto a launching pad — the countdown has begun. The destination? A career without boundaries working alongside a diverse and inclusive crew who is passionate about doing meaningful work. As a pioneer, your voice and expertise will help chart the direction of an entirely new industry — Trust. Our commitment to putting people first starts with you. Your growth is part of the mission. Our goal is to give you the power to embark on the next phase of your unique career.

OneTrust provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws.