Director of Information Security
Location
Boston, MA | United States
Job description
Job Details
- Title: Director of Information Security
- Salary: $250K - $300K + Bonus
- Required: SaaS Industry Experience
- Location: Remote (North America)
Our client, an industry-leading Fintech ($100M+ ARR), is primed for substantial expansion and is seeking a highly skilled and experienced Director of Information Security from the SaaS industry to join their rapidly growing team. The successful candidate will be responsible for leading cyber security efforts, growing the cyber security team, and implementing robust security measures to protect our digital assets and customer data. This position reports directly to the Chief Technology Officer.
Responsibilities
- Develop and enforce security protocols across the software development lifecycle, ensuring comprehensive coverage from inception to deployment.
- Assume full responsibility for patch management and regulatory compliance (PCI, SOC2, ISO, etc.), and ensure strict adherence to legal and industry standards.
- Identify and mitigate risks associated with database management, prioritizing the protection of data confidentiality, integrity, and availability.
- Implement robust security measures when collaborating with external entities such as vendors, partners, and contractors, safeguarding against unauthorized access to sensitive information.
- Execute cybersecurity best practices, including regular penetration testing, vulnerability scanning, threat intelligence management, and oversight of bug bounty programs.
- Foster the growth of a high-caliber security team, comprising security engineers, SOC personnel, and infrastructure security specialists, to maintain a resilient defense posture.
- Develop and implement disaster recovery (DR) policies and business continuity plans (BCP), and conduct thorough business impact analyses (BIA) to ensure operational resilience in the face of disruptions.
- Lead proactively in security practices by remaining updated on emerging threats, technologies, and industry standards.
- Act as a representative for the company at conferences and industry gatherings, advocating for our security initiatives and elevating our organizational profile.
- Disseminate security best practices through various channels, including blogs, to enhance awareness and foster education within the company and the wider community.
- Deliver regular security updates and reports to executive leadership, offering insights into the organization's security posture and recommending strategic directives.
Requirements
- Hold a Bachelor's or Master's degree in Computer Science, Information Security, or a relevant field.
- Possess demonstrable experience in a senior leadership capacity within information security, ideally within high-growth SaaS environments.
- Exhibit extensive familiarity with security frameworks and standards, including PCI DSS, SOC2, ISO 27001, and NIST, among others.
- Demonstrate a deep understanding of software development methodologies, with the capability to seamlessly integrate security practices into the SDLC.
- Showcase a track record of spearheading security initiatives across diverse technology stacks and cloud environments.
- Exhibit exceptional communication and interpersonal skills, facilitating effective engagement with stakeholders at all organizational levels.
- Hold relevant industry certifications such as CISSP, CISM, CISA, or equivalent.
- Demonstrate a proven history of public speaking engagements and thought leadership within the information security domain.