**Job Title

Vice President, Chief Information Security Officer (CISO)

Role Overview**

We are seeking a dynamic and experienced VP, Chief Information Security Officer, to lead the process of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

This is based in United States as a remote position. We will only consider candidates currently in The United States and are not offering relocation assistance at this time

Company Overview

McAfee is a leader in personal security for consumers. Focused on protecting people, not just devices, McAfee consumer solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protects their families and communities with the right security at the right moment.

• Strategic Leadership:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program

• Work directly with the business units to facilitate risk assessment and risk management processes

• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems

• Provide leadership to the enterprise's information security organization

• Cross-Functional Collaboration:

• Partner with business stakeholders across the company to raise awareness of risk management concerns

• Interact with Global Markets engineering stakeholders to understand and communicate risks to critical infrastructure and systems, defining potential business impact, and tracking commitments to apply effective mitigating controls.

• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services

• Implementation Focus:

• Develop and enhance an information security management framework

• Drive adoption of application security, technology privacy, privilege management and vulnerability management controls as part of the Software Development Life Cycle (SDLC) and production management (DevOps) processes.

Required Qualifications

• Minimum of eight to 12 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Experience interfacing with and communicating complex technical security concepts to non-technical audiences.
• Information security policy, standards, guidelines or procedures development and implementation.
• Infrastructure, database and/or application security experience.
• Privilege management (i.e. access and identity management, access re-certification) experience.
• Control self-assessment, SOX404 technical control assessment, SOC 1/SOC 2 control assessment experience.
• Strong knowledge of control frameworks and the ability to design and evaluate effectiveness of controls embedded within business processes.
• Ability to work with large data sets, reporting dashboards and excel worksheets.
• Industry accepted security certifications including CISSP or CISM or CRISC or equivalent SANS certification
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.

Company Benefits And Perks

We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

• Bonus Program
• 401k Retirement Plan
• Medical, Dental, Vision, Basic Life, Short Term Disability and Long-Term Disability Coverage
• Paid Parental Leave
• Support for Community Involvement
• 14 Paid Company Holidays
• Unlimited Paid Time Off for Exempt Employees
• 96 Hours of Sick Time and 120 Hours of Vacation for Non-Exempt Employees Accrued Each Year

We're serious about our commitment to diversity which is why McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Please click here to view and download the Job Applicant Privacy Notice, which applies to all McAfee job applicants who are residents of the state of California.

About the job

The Role

We are seeking a dynamic and hands-on Chief Information Security Officer (CISO) with a strong background in application security to join our team. The ideal candidate will be passionate about leading our security strategy, with a specific focus on securing our applications and software development lifecycle. This role requires a proactive leader who thrives in a fast-paced environment and is excited about being deeply involved in both strategic planning and hands-on implementation.

Why is this an exciting role? Linktree is a massive platform with 50 million profiles, 2B monthly visitors and a massive volume of commerce activity (generating over 2% of amazon’s referral traffic). Despite this massive scale, we are a tiny company, 60 engineers strong, getting to move fast and drive impact. As a result, our CISO, like the rest of our executive team needs to be hands on, with the ability to drive impact themselves. We know this is a unique opportunity and we can’t wait to talk to you if you are a hands-on App Sec expert with several years of experience, excited to be our CISO.

Our Story

We're on a mission to empower anyone to curate, grow and monetize their digital universe. We created the "link in bio" category and are trusted by some of the world's biggest brands and celebrities including TikTok, The UN Environmental Program, The White House, F1, Manchester United, Olivia Rodrigo and Selena Gomez. With over 50M+ users and 40,000 new accounts created everyday, Linktree is the fastest growing leader in our category. Linktree has partnered with some of today’s biggest names like Amazon, TikTok, Snap, YouTube, GoFundMe, Spotify, Google, Stripe, Reddit and more to help unify users’ digital spaces— and we’re just getting started. Join us in empowering everyone from businesses to creatives in building their online presence.

• Leadership and Strategy:

• Develop and implement a comprehensive information security strategy aligned with the company’s business objectives.

• Lead the Information Security team, providing guidance, mentorship, and support to ensure the team’s success.

• Collaborate with executive management to establish governance for the security program.

• Application Security:

• Oversee and enhance the application security program, ensuring secure software development practices are integrated throughout the SDLC.

• Conduct regular security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities.

• Develop and maintain secure coding standards, guidelines, and training for development teams.

• Hands-On Security Operations:

• Be actively involved in the day-to-day security operations, including incident response, threat analysis, and vulnerability management.

• Implement and manage security tools and technologies to protect the organization’s information assets.

• Stay current with the latest security threats, vulnerabilities, and mitigation strategies.

• Compliance and Risk Management:

• Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR).

• Conduct regular risk assessments and audits, and develop action plans to address identified risks.

• Prepare and present regular reports on the status of information security to executive management and the board.

• Collaboration and Communication:

• Foster a culture of security awareness across the organization through training and communication.

• Work closely with IT, legal, HR, and other departments to ensure a coordinated approach to security and compliance.

• Act as the primary point of contact for all security-related matters, both internally and externally.

Required Qualifications:

• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Proven experience in application security, including secure coding practices, code reviews, and vulnerability management.

Preferred Qualifications:

• In-depth knowledge of application security frameworks and best practices
• Proficiency with security tools such as static and dynamic analysis tools, vulnerability scanners, etc.
• Hands-on experience with secure software development methodologies and DevSecOps practices.

P.S. If you don’t tick every box in this ad, please don’t rule yourself out. We take pride in inclusion and hiring incredible human beings with great potential over ticking boxes – so if this role resonates with you, hit that apply button!

Where And How We Work

We are a global and diverse group offering a truly flexible and family friendly work environment. Kids, pets, and the occasional delivery person are all actively encouraged to appear on our Zoom screens. All of us at Linktree work either fully remote or a flex hybrid approach.

We offer autonomy and flexibility in how you structure your days and weeks. There will be the need for some collaboration outside of your usual 9-5 being a global company, but we aim to work asynchronously where possible.

How We’ll Help You Thrive

Our approach to benefits considers the whole person and the unique contributions they bring to Linktree. We want the experience at Linktree to be one that enables people to truly thrive so we can Go Further Together. Some ways we support you:

• An annual wellbeing allowance to use on things like (but not limited to) fitness memberships, development courses, childcare, travel, charitable donations, pet insurance, home office set up - the choice is yours!
• 100% coverage (and 80% for your dependents) of your monthly premiums for medical, dental, vision, disability and life insurance for US-based employees.
• Employer contribution towards your retirement.
• Generous time off for vacation, holidays, parental leave, volunteer time and other categories.
• Employee Stock Option Program - we want each and every employee to share in the company’s success as we go further together.

To learn more about our benefits, including our parental leave program, volunteering leave, DE&I initiatives, and more, [click here](https://linktr.ee/s/about/careers/#:~:text=and linking limitlessly.-,Thrive%2C your way,-Staying healthy%2C inspired)!

At Linktree, we celebrate and support everyone’s perspective and background, and we’re proud to be an equal opportunity workplace. We aim to foster a diverse and inclusive environment where all team members have a sense of belonging, because we believe in going further together. Linktree welcomes all people regardless of sex, gender identity, race, ethnicity, disability, pregnancy, age, or other lived experience. If you require accommodations to fully participate in our opportunities, please don't hesitate to reach us at talent@linktr.ee – your needs are important to us.

About the job

The Chief Information Security Officer will lead MeridianLink’s information security functions. This position provides leadership and oversight for MeridianLink’s security program. Responsible for both IT security operations, and information security compliance with a focus on MeridianLink’s product security architecture and SaaS security operations.

The position will work with peers in Engineering, Enterprise Architects and the Product Owners to provide technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Company Overview

MeridianLink has a wonderful culture where people value the work they do and appreciate each other for their contributions. We develop our employees so they can grow professionally by preferring to promote from within. We have an open-door policy with direct access to executives; we want to hear your ideas and what you think. Our company believes that to be productive in the long term, we must have a genuine work-life balance. We understand that employees have families and full lives outside of the office. To that end, we honor their personal commitments. MeridianLink is an Equal Opportunity Employer. We do not discriminate based on race, religion, color, sex, age, national origin, disability, or any other characteristic protected by applicable law.

• Technical experience to lead on architectural and technical security by design
• Develop strong working relationships with technology and business partners across multiple locations in support of security, compliance, and audits for the organization.
• Provide strong positive and collaborative leadership to executive teams, other departments such as engineering, product management, legal, support, and IT. Also, lead and manage Information Security teams composed of internal and external resources
• Take initiative to identify gaps and changes required to address security threats and compliance with products.
• Present risk information to executives and advise on remediations.

Information Security

• Responsible for the review and certification of all back up and disaster recovery plans
• Oversee the secure development, design, and implementation of new applications and changes to MeridianLink SaaS applications
• Direct and manage computing and information security plans, policies, programs, and project schedules
• Continue to build and enhance secure application design and development policies and practices
• Partner with IT to ensure that the technical and security needs of internal systems and services are met
• Develop and maintain security policies and procedures including but not limited to incident response plans, business continuity plans, etc.
• Lead the implementation and operation of security services such as vulnerability assessment, threat monitoring and incident response
• Oversee security design and architecture including IaaS and PaaS cloud migrations
• Lead vulnerability, change, and configuration management for applications and infrastructure
• Oversee administration of security services, including antivirus, IDS/IPS, data loss prevention, and security monitoring.
• Customer facing responsibilities, such as pre-sales, facilitating due diligence requests, RFPs, and customer security concerns
• First line incident response and support for remediation
• Provide Identity and Access management solutions to ensure appropriate access to sensitive data
• Monitor the SDLC and ensure that coding is done with secure best practices (OWASP framework or equivalent) including modern deployment methods such as CI/CD pipelines

Security Assessments and Audit Management

• Experience leading red/blue security teams.
• Conduct application assessments (design reviews and pen tests) and lead the implementation of associated application security technologies
• Perform risk assessments on new technologies or discovered vulnerabilities

Information Security Awareness

• Implement organization-wide security awareness initiatives and provide timely information to employees and leadership regarding new and emerging threats
• Collaborate with all teams to communicate and enforce security controls

Legal and Governance

• Develop and maintain processes, policies, and technical controls in support of certifications programs and continual compliance with ISO/IEC 27001/2, SOC 1, SOC 2, and other applicable international privacy regulations.
• Continuously monitor security controls for all IT Security frameworks
• Oversee customer Information Security audits

Required Qualifications

• Bachelor’s degree in a relevant field or equivalent years of experience is required. Equivalent years of experience are determined as one year of technical experience for every year of college requested.
• Minimum 10 years of experience in Enterprise Information and Product Cyber security
• Strong knowledge of Secure Development Lifecycle and CI/CD automation tools (TF, Git, Jenkins)
• Knowledge of regulatory and standards-based compliance related to cloud and mobile applications, and data confidentiality (e.g., GDPR, FEDRAMP/FISMA, SOC 2, and ISO 27001, etc.)
• Experience with the application of risk identification and evaluation techniques
• Advanced knowledge of Cyber Security and full knowledge of multiple (full-stack) related engineering functions
• Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) is required

Preferred Qualifications

• Preferred experience with securing cloud architectures (Azure/AWS) and/or Kubernetes
• Preferred experience leading red/blue security teams and working with engineering teams to remediate findings

MeridianLink runs a comprehensive background check, credit check, and drug test as part of our offer process.

Salary range of $269,600 to 346,100. [It is not typical for offers to be made at or near the top of the range.] The actual salary will be determined based on experience and other job-related factors permitted by law including geographical location.

MeridianLink offers:

• Potential For Equity-Based Awards
• Insurance coverage (medical, dental, vision, life, and disability)
• Flexible paid time off
• Paid holidays
• 401(k) plan with company match
• Remote work

All compensation and benefits are subject to the terms and conditions of the underlying plans or programs, as applicable and as may be amended, terminated, or superseded from time to time.