
Chief Information Security Officer

Afiniti

Job Description

Posted on: September 17, 2024

Summary and company overview

Summary

About the job

Who are we?

Afiniti is the world’s leading applied artificial intelligence and advanced analytics provider. Afiniti® Enterprise Behavioral Pairing™ uses artificial intelligence to identify subtle and valuable patterns of human interaction to pair individuals based on behavior, leading to more successful interactions and measurable increases in enterprise profitability. Afiniti operates throughout the world and has measurably driven billions of dollars in incremental value for our clients.

Purpose

Afiniti seeks an experienced, motivated security professional to serve as Chief Information Security Officer (CISO). Reporting to the General Counsel, the CISO will be Afiniti’s principal leader for cybersecurity across the company. The CISO will work internally with all business leads and management across the company to develop and implement security practices focused on protecting customer and company assets, and externally, to promote the company’s security methodology and framework to customers. The successful candidate will apply deep experience in developing and maturing a comprehensive security program that spans the enterprise as well as product development, engineering, and operations. The CISO is a global role for a multinational company with existing ISO 27001, ISO 27701, SOC 2 Type 2, and PCI DSS certifications.

Responsibilities

  • Maintain and mature the organization’s information security program based on emerging threats to the organization’s systems and data, the company’s compliance needs, third-party risks, and industry-wide best practices to protect and secure all company assets
  • Promote and personally drive a cross-functional and collaborative relationship with critical business partners and internal teams
  • Develop a deep understanding of the company’s infrastructure and service architecture to provide ongoing guidance to engineering teams about potential threats and vulnerabilities as well as insight into designing and prioritizing efforts to address them
  • Maintain, mature, and execute on the company’s security, privacy, and compliance goals; define security strategies, metrics, reporting mechanisms, and program services; and create maturity models and a roadmap for continual program improvements
  • Proactively monitor emerging risk- and security-related methods, practices, processes, procedures, and technologies
  • Identify, manage, and report on security events
  • Maintain and mature the company’s risk assessment, mitigation, and remediation efforts
  • Anticipate and respond to client, partner, and regulatory inquiries by representing the company from security, compliance, and privacy perspectives
  • Lead efforts around assessment, achievement, and maintenance of ISO, PCI, SOC2, HITRUST, and other accreditations and certifications for identified business activities
  • Communicate and report regularly on security strategy and operations to executive leadership and the Board of Directors
  • Develop training programs to ensure employees’ understanding of the company’s security policies and how those policies apply to their day-to-day activities
  • Lead the vulnerability management program including external and internal vulnerability assessments and remediation efforts, key security update tracking, and end-of-support planning
  • Partner with the operations teams to grow and mature the company’s Business Resiliency program inclusive of Command and Control, Business Continuity, Disaster Recovery, and Incident Response
  • Manage the company’s eDiscovery program
  • Prepare recommendations regarding new technologies and emerging practices to enhance the company’s market position, including automation, geographical multifactor authentication, eDiscovery, data loss prevention, endpoint management, network segmentation, and more

Job Requirements

Required Qualifications

  • Minimum of a bachelor’s degree in computer science or a similarly relevant technical field
  • 10+ years of information security experience, including at least one leadership role in a mid-size software company
  • 7+ years of experience working with national and international regulatory compliance frameworks such as ISO, NIST, PCI DSS, and HITRUST
  • Track record leading a comprehensive security program for a global company
  • Product experience in compliance, cybersecurity, and/or data analytics
  • Experience advising engineering teams to develop secure applications and services with a security- and privacy-by-design mentality
  • Technical acumen to develop cybersecurity posture and execute the strategy with a clear vision for the evolving needs within the cybersecurity function
  • Understanding the needs and concerns of large, global enterprise customers
  • Ability to build relationships and influence all levels within an organization
  • Executive-level oral and written communication skills with the ability to communicate technology, data, and risk concepts clearly—for both internal stakeholders and external customers—adapting the message to meet the audience
  • Experience creating a vision and providing the leadership and change management support to transform the vision into reality

Preferred Qualifications

  • Experience managing physical security a plus

Additional commentary

Compensation

Afiniti offers a competitive base salary, bonus, equity commensurate with experience and corporate benefits.

We believe that richness in diversity is a huge asset for Afiniti. We value both the similarities and differences in everyone who is a part of the Afiniti team. We believe that this diversity builds a stronger organization and is in keeping with the core values of our company. Our policy, therefore, is to provide equal employment opportunities for all applicants and employees without regard to race, color, religion, sex (including pregnancy, childbirth, related medical conditions, breastfeeding or reproductive health decisions), gender identity or expression, national origin, age, marital status, ancestry, physical or mental disability, sexual orientation, personal appearance, genetic information, family responsibilities, matriculation, political affiliation, military or veteran status, or any other category protected under applicable federal, state or local law. This means that we comply with all applicable human rights and employment legislation, and we do not discriminate in any aspect of employment, including recruiting, hiring, compensation, promotions, reductions in force, or terminations.
