Make a game-changing next move.

Learn more about the opportunities in Coatue's portfolio.
192
companies
6,094
Jobs

Senior Director, Information Security

OneTrust

OneTrust

IT
Atlanta, GA, USA
Posted on Thursday, February 1, 2024

Strength in Trust

OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. Over 14,000 customers use OneTrust's technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.

The Challenge

As a cloud only SaaS platform, product security is at the forefront of what we do. We strive to build products that are Secure by Design. The Sr. Director of Information Security (GRC) is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. This position requires strong written and oral communication skills, as well as the ability to communicate detailed technical information in a manner comprehensible by individuals at varying degrees of experience and skill. The role requires the ability to speak confidently in front of large groups and with senior management, vendors, and service providers. The Sr. Director of Information Security provides leadership and contributes to the IT security strategy and roadmap. Strong program, people and project management skills are required.

Your Mission

  • The Sr. Director of Information Security reports to the Chief Information Security Officer and is responsible for day-to-day operations to support and augment the CISO’s
  • BA/BS in Computer Science, Engineering, Math, or related subject
  • 15+ years of hands-on information security; security-related cloud operations
  • Security standard methodologies and concepts
  • Preferred certifications: CISSP, CCSP, SSCP, etc.
  • Microsoft Azure experience preferred.
  • Critical thinking, problem-solving, and decision-making capabilities
  • Strong visionary skills to excel in a complex and rapidly evolving environment
  • overall responsibilities.
  • Acts as the functional lead for all activities in the Governance Risk and Compliance (GRC) organization.
  • Builds a growing team of cross functional information security and operations professionals to ensure security issues in our products are detected early and remediated quickly.
  • Provides strategic planning, organization, and technical guidance to GRC department.
  • Is responsible for many functions within the Info Security organization. Such as: Vendor and Customer security, 3rd party risk management, internal risk management, internal and external audits (PCI, ISO, HITRUST, SOC 2, etc.), security policy management, contract reviews, security questionnaires and RFP’s, BCP/DR, security awareness training, etc.
  • Defines technical standards, policies, and procedures for each department to ensure consistency and compliance.
  • Works directly with business units to facilitate risk assessment and risk management processes.
  • Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
  • Partners with stakeholders across the company to raise awareness of risk management concerns.
  • Assists with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
  • Fosters a culture of collaboration, innovation, and continuous improvement within each department.
  • Leads risk remediation analysis and activities identified by internal and external audits.
  • Applies security principles, theories, and concepts to job assignments. Solves a diverse range of complex problems working with limited direction.
  • Oversees the daily operations and activities of the Security Governance, Risk and Compliance (GRC) organization.
  • Works cross-functionally with Core Teams to apply polices to provide end-to-end security within the enterprise environment, software development lifecycle, including product security, IAM, networking, storage, databases, logging, and CI/CD pipelines.
  • Develops information security strategies and roadmaps based on risk management practices aligning to business needs.
  • Proactively assessing and identifying information security risk, effectively communicating findings, and follow established risk management processes.
  • Reviews and assess the effectiveness of security controls, processes, and technologies implemented by each department.
  • Collaborates with department heads to optimize resource allocation, budget planning, and staffing requirements.
  • Oversees multiple audits throughout the year. Works with external and internal auditors to maintain compliance and certifications.
  • Oversees penetration testing activities to evaluate the security of applications, systems, and networks.
  • Collaborates with department heads on risk evaluations and logging issues, risks and exceptions in our GRC platform
  • Leads the investigation and resolution of complex security incidents, ensuring lessons learned and continuous improvement.
  • Identifies opportunities to improve, evangelize, and embed security standards and processes into existing processes to ensure standardization of project implementation.
  • Documents detailed security needs and baselines for current and future enterprise environments
  • Tracks and shares emerging security practices and standards by participating in educational opportunities, reading professional publications, and participating in professional organizations.
  • Subject matter expert in security-related matters, representing the organization in external forums, conferences, and industry working groups.
  • Works with technology vendors to explore opportunities to add value to the enterprise environments.

You Are

  • Technology oriented: You may not be the only hands involved in a project, but you don’t mind getting involved and have deep understanding of current trends and technologies.
  • A Relationship builder: Ability to listen, build rapport, and credibility as a strategic partner vertically within the business unit, as well as with leadership and functional teams.
  • A Strategic thinker: Ability to map joint organizational vision and long-term thinking, imagination, and idea generation.
  • Detail oriented with an eye for quality
  • College BS/BA degree, progressive educational certificate, or equivalent
  • 15+ years of experience in Information Security-specifically in Governance, Risk and Compliance.
  • Audit experience.
  • Risk management experience.
  • Policy writing experience.
  • Experience reviewing contracts for security language and terms, reviews of MSA’s, NDA’s, SOW’s, etc.
  • Business Continuity and Disaster Recovery Planning and Execution experience
  • Customer and vendor security, 3rd party risk.
  • 6+ years as a people leader.

Extra Impressive

  • BA/BS in Computer Science, Engineering, Math, or related subject
  • 15+ years of hands-on information security; security-related cloud operations
  • Security standard methodologies and concepts
  • Preferred certifications: CISSP, CCSP, SSCP, etc.
  • Microsoft Azure experience preferred.
  • Critical thinking, problem-solving, and decision-making capabilities
  • Strong visionary skills to excel in a complex and rapidly evolving environment

For California, Colorado, Connecticut, Nevada, New York, Rhode Island, and Washington-based candidates: the annual base pay range for this role is listed below. Within this range, individual pay is determined by several factors, including location, job-related skills, work experience, and relevant education and/or training. This role may also be eligible for discretionary bonuses, equity, and/or commissions, as well as benefits.

Salary Range
$225,500$338,225 USD

Benefits

As an employee at OneTrust, you will be part of the OneTeam. That means you’ll receive support physically, mentally, and emotionally so that you can do your best work both in and out of the office. This includes comprehensive healthcare coverage, remote or hybrid workplace flexibility, flexible PTO, equity stock options, annual performance bonus opportunities, retirement account support, 14+ weeks of paid parental leave, career development opportunities, company-paid privacy certification exam fees, and much more. Specific benefits differ by country. For more information, talk to your recruiter or visit onetrust.com/careers.

Resources

Check out the following to learn more about OneTrust and its people:

Your Data

You have the right to have your personal data updated or removed. You also have the right to have a copy of the information OneTrust holds about you. Further details about these rights are available on the website in our Privacy Overview. You can change your mind at any time and have your personal data removed from our database. In order to do this you must contact us and let us know you wish to be removed. The request should be made on the Data Subject Request Form.

Our Commitment to You

When you join OneTrust you are stepping onto a launching pad — the countdown has begun. The destination? A career without boundaries working alongside a diverse and inclusive crew who is passionate about doing meaningful work. As a pioneer, your voice and expertise will help chart the direction of an entirely new industry — Trust. Our commitment to putting people first starts with you. Your growth is part of the mission. Our goal is to give you the power to embark on the next phase of your uniquely, unique career

OneTrust provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws.