At Stack Overflow, our mission is to serve developers. Whether we’re helping developers get answers to their questions or find new jobs, we build products that make millions of developers’ lives better every day. Our newest product, Stack Overflow for Teams, allows teams to ask and answer questions on Stack Overflow in a private space. This puts security at the center of our company strategy.
As our first Director of Information Security, your job is to design, implement, and monitor a security program that keeps our customers’ information safe. You’ll work directly with the CTO to evaluate risk and make decisions that will drive the business forward. You’ll build relationships across the company and work collaboratively, combining your security expertise with our experienced teams to rapidly roll out new security mechanisms and controls. And you’ll interface with our clients, to give them absolute confidence that their data is safe with us.
What you’ll do:
- Design, implement and manage our overall information security program
- Collaborate with devs and site reliability engineers to identify threats and design technical controls
- Create and run security training programs for a variety of teams across the organization
- Maintain documentation of security controls and respond to inquiries from clients, regulators (including on GDPR), and other third parties
- Work towards a goal of SOC 2 Type II certification
What we're looking for:
- 5+ years of hands-on experience in information security
- 3+ years in a leadership role within information security, with a demonstrated ability to break down large problems and get things done
- Knowledgeable about a broad range of threats and security topics, including secure software development practices, networking, encryption, cloud security, etc.
- Experience working in a technology company with fast-moving software development teams
- Experience implementing security compliance frameworks and processes such as ISO 27001/2, NIST, and SOC 2
- Ability to work cross-team and communicate effectively with people from a variety of different backgrounds and different levels of security awareness
- Certifications (preferred): CISSP, CISM, CISA or CRISC
What you’ll get in return:
- Ability to work remotely, with flexible hours
- 20 days paid vacation + holidays
- Completely free health insurance - no copay, no premiums (US residents)
- Generous parental leave (10-16 weeks at 100% pay), family care leave, and unlimited sick days
- Employees will never be poked with a sharp stick