Head of Cybersecurity
We are looking for an experienced Head of Cybersecurity with a background in IT product development to manage and oversee all information security matters within our company.Responsibilities:Security Strategy and Planning: Developing and implementing a thorough information security strategy and roadmap to address current and future threats, vulnerabilities, and risksSecurity Leadership: Providing strategic direction and leadership for the Information Security team, ensuring alignment with business objectives, industry standards, and best practicesRisk Management: Overseeing risk assessment and management processes, identifying and prioritizing security risks, and implementing appropriate controls and mitigation strategiesGovernance, Compliance, and Regulatory: Ensuring ongoing compliance with relevant regulations and standards like ISO 27001, ISO 27017/18, SOC 2 Type, HIPAA, GDPR, etc.Vendor and Third-Party Risk Management: Supervising the evaluation and management of security risks associated with third-party vendors and partnersSecurity Awareness and Training: Developing and implementing security awareness programs to educate employees and promote a culture of security awareness and complianceSecurity Governance and Compliance: Establishing and maintaining security policies, standards, and procedures to ensure compliance across the organizationSecurity Metrics and Reporting: Defining and tracking key security metrics to evaluate the effectiveness of security controls and reporting on security status to executive leadership and stakeholdersQualifications:Bachelor’s degree in Computer Science, Information Security, or related fieldIndustry certifications such as CISSP, CISM, CISA, or equivalent3+ years experience in information security leadership roles in SaaS domain / +7 years experience in the information security field overallGood knowledge of security frameworks, standards, and regulations, including ISO 27001, SOC 2, HIPAA, GDPR, etcStrong understanding of cloud security principles and best practices, particularly in AWS/AzureExperience in managing security incidents and leading incident responseGood communication and interpersonal skills, with the ability to effectively communicate security-related questions to technical and non-technical stakeholders (employees, customers, or partners)Project management skills, with the ability to manage projects such as processes implementation and improvement, security systems implementationAbility to collaborate cross-functionally and influence stakeholders at all levels of the organizationFEDRamp - will be a big advantage
Responsibilities:
- Security Strategy and Planning: Developing and implementing a thorough information security strategy and roadmap to address current and future threats, vulnerabilities, and risks
- Security Leadership: Providing strategic direction and leadership for the Information Security team, ensuring alignment with business objectives, industry standards, and best practices
- Risk Management: Overseeing risk assessment and management processes, identifying and prioritizing security risks, and implementing appropriate controls and mitigation strategies
- Governance, Compliance, and Regulatory: Ensuring ongoing compliance with relevant regulations and standards like ISO 27001, ISO 27017/18, SOC 2 Type, HIPAA, GDPR, etc.
- Vendor and Third-Party Risk Management: Supervising the evaluation and management of security risks associated with third-party vendors and partners
- Security Awareness and Training: Developing and implementing security awareness programs to educate employees and promote a culture of security awareness and compliance
- Security Governance and Compliance: Establishing and maintaining security policies, standards, and procedures to ensure compliance across the organization
- Security Metrics and Reporting: Defining and tracking key security metrics to evaluate the effectiveness of security controls and reporting on security status to executive leadership and stakeholders
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or related field
- Industry certifications such as CISSP, CISM, CISA, or equivalent
- 3+ years experience in information security leadership roles in SaaS domain / +7 years experience in the information security field overall
- Good knowledge of security frameworks, standards, and regulations, including ISO 27001, SOC 2, HIPAA, GDPR, etc
- Strong understanding of cloud security principles and best practices, particularly in AWS/Azure
- Experience in managing security incidents and leading incident response
- Good communication and interpersonal skills, with the ability to effectively communicate security-related questions to technical and non-technical stakeholders (employees, customers, or partners)
- Project management skills, with the ability to manage projects such as processes implementation and improvement, security systems implementation
- Ability to collaborate cross-functionally and influence stakeholders at all levels of the organization
- FEDRamp - will be a big advantage