The Director of Information Security is a hands-on position reporting to the VP of Information Security, working with VPs and Executives.

What You'll Do:

• Responsible for managing SOC 2, SOX ITGC and PCI attestations for SaaS based solutions and improving controls based on your feedback and expertise, introducing new best practices and processes to service a fast-growing SaaS organization.
• Responsible for security technology and planning, multi-year roadmap development and execution, assist in developing security capabilities and processes while striking the right balance between risk management and operational efficiency
• Support the VP of InfoSec as a liaison on cybersecurity and privacy matters, including prioritization of risk remediation, risk quantification, and communication of risk decisions in a way that drives business value
• Develop and lead risk treatment directives and report on cybersecurity program progress and risk decisions to business stakeholders
• Possess a strong ability to influence and engage effectively with stakeholders across different functions, demonstrating skill and the talent to Information Security goals across the organization
• Deep understanding of IAM Security, Endpoint Protection, Vulnerability Management and Email Security program management strategy and governance to ensure alignment with standards and zero trust principles
• Manage 3rd party SaaS security reviews as part of the vendor management program
• Optimize security functional domains and operations, coordinate the preparation of cybersecurity resiliency plans to respond to cybersecurity and privacy breaches
• Support VP of InfoSec and provide direct oversight for KPI development, security effectiveness and efficiency plans
• Assist and manage the cybersecurity spend budget, service provider performance and relationship management
• Identify, evaluate, and manage innovations, tooling, and technologies to improve the security and compliance program
• Liaises with the Product Security, enterprise architecture, AWS infrastructure and engineering teams to build alignment, thus ensuring that information security requirements are being met
• Lead the response to security incidents, coordinating efforts to minimize the impact and recover from any breaches
• Improve incident Management operational capabilities and underlying Security Information and Event Monitoring (SIEM) capabilities for effective monitoring and response capabilities.

What We're Looking For:

• At least 8+ years of multifaceted security leadership and management experience in a pre-IPO and publicly held company environment
• Demonstrated experience applying security and risk frameworks, and regulations such as NIST CSF/800-53, AICPA SOC criterias, ISO 27001, CIS, OWASP, CSA, etc.
• Up to date and in-depth knowledge of cybersecurity technologies and trends, threat landscape, risk attribution and risk management in a complex global environment.
• Experience in Zero Trust Architecture, Mobile Device Management (MDM) , Endpoint detection and Response (EDR), AWS security controls, data security, risk management, security readiness backed with AI, OKTA Identity Access Management, Security Information and Event Monitoring (SIEM), Business resumption and contingency planning, cyber incident, and crisis management, etc.
• Experience managing strategic planning, budgeting, and resource management.
• Experience performing threat modeling and design reviews to assess security implications and requirements
• Highly motivated with an exceptional work ethics, problem solving skills, and demonstrated track record of influencing senior leaders and working with peers cross-functionally.
• One or more security certifications including CISSP, CISM, CCSP, CRISC, CISA