Help drive the security posture of a high growth, exciting SaaS company that believes that our customers should be able to see, hear & talk to their customers to empathize and understand their perspectives and gain fast feedback and insights to make decisions at the speed of business today.
- Cross-functionally contribute to the design and implementation of enterprise-class security systems
- Lead and participate in risk management activities across the company
- Align standards, frameworks and security with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Create solutions that balance business requirements with information and cyber security requirements
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Train users in implementation or conversion of systems
Five or more years security experience including:
- Security architecture, demonstrating solutions delivery, principles and emerging technologies
- Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
- Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
- Obtaining and maintaining security certifications.
Experience with and knowledge of:
- Securing SaaS systems, Windows systems, Macintosh systems
- AWS, Ruby on Rails, MySQL
- Relevant National Institute of Standards and Technology (NIST) standards. A system that is not in compliance with the standards set by NIST, along with ISO27001, COBIT and COSO (below), will lack both compliance and adequate security architecture.
- ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization's risk management
- Control Objectives for Information and Related Technologies (COBIT)
- GDPR and emerging privacy standards
General skills include:
- Exceptional communication skills with diverse audiences
- Strong critical thinking and analytical skills
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
- The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
Relevant education and certifications:
- BA or BS in information security, engineering, mathematics, or related area. A Master's degree in an IT field is a plus, and a Master's in cybersecurity is an even bigger plus.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Information Systems Security Architecture Professional (ISSAP)
- Information Systems Security Engineering Professional (ISSEP)