Chief Information Security Officer

Constant Contact

Job Description

Posted on: September 19, 2024

Summary and company overview

Chief Information Security Officer

at Constant Contact

Location: Hybrid from Waltham, MA

At Constant Contact, we are seriously awesome people who take ownership and make an impact by operating with the mindset, integrity and courage of a small business owner. There’s something so profoundly rewarding about knowing that your work is empowering people everywhere to pursue their dreams. Here, we all play an integral part in helping business owners, entrepreneurs, non-profits and individuals to succeed by giving them all the help and tools they need to grow online. We’re energized by new challenges and new possibilities, and we’re just getting started!

As a technical and hands-on Chief Information Security Officer (CISO) reporting to the CIO, you will be responsible for establishing and executing the strategic enterprise vision and proactive program to ensure all of Constant Contact's information assets, employees, customers, and technologies are adequately protected.

Responsibilities

  • Strategy and Leadership:
      • Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
      • Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
      • Collaborate on the overall business technology plan with Engineering, Product, Legal and Revenue, providing a current knowledge and future vision of security technology and systems
      • Oversee a team of Security Professionals to execute on the security roadmap
  • Risk Management:
      • Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
      • Develop and maintain the organization's risk management framework, policies, procedures, and standards
  • Security Operations:
      • Oversee the operation of the enterprise's security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, endpoint security solutions, etc.
      • Lead Security incident response planning and execution to mitigate potential threats and minimize impact
      • Develop and achieve individual and team focused Security OKRs
  • Compliance and Audit:
      • Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
      • Collaborate with internal and external auditors to conduct regular security assessments, audits and successful recertification of SOC2
  • Training and Awareness:
      • Promote security awareness and coordinate security training programs for employees at all levels of the organization
      • Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
  • Vendor and Third-Party Risk Management:
      • Evaluate, monitor, and manage risks associated with third-party vendors and service providers
      • Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
  • Budget Management:
      • Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities

Job Requirements

Required Qualifications:

  • Proven experience (8+ years) in a senior-level information security management role
  • Degree in Computer Science, Information Technology, or a related field
  • Professional Security certifications such as CISSP, CISM, or CISA
  • Experience with certification of common information security management frameworks, such as SOC2, ISO/IEC 27001 and NIST
  • Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, etc.)
  • Experience in a SaaS company
  • Experience with cloud and hybrid security principles and practices
  • Track record of successfully building and leading high-performing global cybersecurity teams
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Experience with contract and vendor negotiations and management, including managed services

Preferred Qualifications:

  • Advanced degree in Computer Science, Information Technology, or a related field

Additional commentary

NA
