We are looking for a Director of Information Security to join our team based in New York City. This highly visible position has overall accountability for aligning our security operations to our overall business strategy. This position requires a strategic view with tactical execution and partnering across the organization to provide the highest levels of information security with equal focus on people, processes and technology. This is a client-facing role that requires excellent communication skills. Ultimately, you will boost sales and contribute to our long-term business growth.
How you’ll contribute to our mission:
- Develop and execute on tactical and strategic goals to ensure a comprehensive information security program.
- Communicate information security policies, standards and guidelines across the company
- Communicate with clients and prospects regarding the security posture of the company.
- Provide regular reporting on the current status of the information security program to the Executive Team as part of a strategic risk management program.
- Respond to client and prospect due diligence questionnaires and interviews.
- Create, communicate and implement a risk-based process for vendor risk management.
- Ensure that ongoing penetration, vulnerability, disaster recovery, and data breach tests occur.
- Collaborate with IT Operations to mitigate vulnerabilities and implement security measures.
- Collaborate with Product Management on the security of the company’s products.
- Lead compliance efforts such as SOC 2, PCI, ISO 27000, CyberGRX and others.
How you’ll know you’re the right fit:
- 5-10 years of experience in a combination of risk management, information security and IT roles
- Bachelor’s degree in CS or related field; Master’s degree preferred.
- Proven track record and experience in developing information security policies and procedures.
- Industry Certifications: CISSP, CISM, CISA, CEH
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Hands-on security professional & technologist with experience securing web services running in a public cloud environment (AWS, GCP, Azure)
- Knowledge of regulatory compliance frameworks – HIPAA, NIST, SOX, ISO, GDPR, PCI DSS
- Strong knowledge of various security solutions, such as AV, IPS, IDS, SIEM, VPN, DNS, firewalls, proxies, etc., is required
- Knowledge of Cloud Security best practices and tools such as security group management, developer account management, secure deployment models, etc.
- Experience (or strong interest) in working in a fast-paced startup environment