Head of Privacy and Information Security

Posted Nov 17

Athennian increases trust in business. Our products help legal, finance, and tax teams be transaction and audit-ready by organizing business entity and corporate structure information. Over 370,000 business entities in almost every country are managed on Athennian to automate workflows for ownership, company secretarial, governance, tax, and compliance.

We are seeking a Head of Privacy and Information Security to join our Engineering Technology team in a full-time, permanent capacity. Reporting to the Engineering Manager, DevOps, and Infrastructure, the Head of Privacy and Information Security will play a key role in shaping a culture of privacy-first principles and data security, ensuring Athennian complies with evolving privacy regulations while strengthening its overall security posture through robust policies, technical controls, and educational initiatives.

Key Responsibilites:

  • RFP/RFI Management - Oversee the end-to-end process of responding to security-related RFPs, RFIs, and questionnaires. This includes analyzing requirements, collaborating with internal teams to create thorough responses, and ensuring timely, accurate submissions. Maintain detailed records and facilitate clear communication with clients, vendors, and internal stakeholders.
  • Privacy and Security Strategy & Oversight: Develop and implement an organization-wide privacy and information security strategy that aligns with regulatory requirements and best practices. As the Company’s Head of Privacy, serve as the primary point of contact for data privacy matters, ensuring compliance with privacy laws, overseeing data protection practices, and advising on privacy implications across all company operations and new initiatives.
  • Compliance and Data Protection Standards: Ensure compliance with industry regulations (e.g., GDPR, SOC2, ISO 27001) by establishing and maintaining robust data protection policies and information security standards. Assist with audits and evidence gathering related to SOC2 compliance and other privacy frameworks, providing oversight for security controls and data protection measures.
  • Data Governance and Risk Management: Conduct and document security and data privacy risk assessments, compliance reviews, and communicate risk mitigation strategies to senior leadership, engineering, and relevant stakeholders.
  • Security Infrastructure and Vulnerability Management: Monitor both on-prem and cloud infrastructure for vulnerabilities, assess risk factors, and implement solutions to improve security and data protection.
  • Privacy by Design: Partner with product and engineering teams to embed privacy and data protection principles in the product lifecycle, from initial design to deployment.
  • Security and Privacy Awareness: Lead employee security and privacy training initiatives focused on email threats, data handling, and best practices in protecting sensitive information.
  • Incident Response and Recovery: Manage incident response for security and data privacy breaches, conduct root cause analyses, and oversee remediation efforts.
  • Third-Party Vendor Management: Coordinate with third parties on security and privacy audits, assessments, and remediation efforts (e.g., penetration testing, bug bounty programs).
  • Policy Development and Access Management: Oversee development of information security and privacy policies, conduct regular access management reviews, and implement technical controls for data protection.
  • Privacy Impact Assessments (PIAs): Conduct and review PIAs to evaluate privacy risks associated with new projects, technologies, and data processing activities.
  • Security Metrics and Reporting: Gather, document, and report security and privacy metrics, analyzing trends to guide continuous improvement.

Qualifications:

  • Experience: 7+ years in information security, data protection, and privacy roles.
  • Technical Skills: Proficiency in cloud technologies (e.g., AWS) and experience securing hybrid environments (on-premises and cloud).
  • Security Solutions: Hands-on experience managing security solutions such as SIEM, EDR, firewalls, IPS/IDS, and encryption.
  • Privacy Frameworks: In-depth knowledge of data protection regulations and standards (GDPR, SOC2, ISO 27001, NIST 800-171).
  • Certifications: Industry-recognized certifications (CISSP, CIPP, CISA, Certified Ethical Hacker, CompTIA Security+) are preferred.
  • Incident Management: Proven experience in incident response, management, and root cause analysis.
  • Analytical Skills: Ability to conduct privacy and security risk assessments and analyze network traffic, system alerts, and data logs for trends.
  • Communication and Collaboration: Excellent ability to convey complex privacy and security concepts to technical and non-technical audiences.
  • Autonomy and Organization: Ability to work independently, prioritize tasks effectively, and manage multiple projects concurrently.

Location

Athennian embraces a remote-first culture and this role is open to candidates based anywhere in North America, including both the U.S. and Canada.

Our Culture 

Our company thrives in a fast-paced startup environment where every team member plays a critical role in driving success. We value ambitious, results-driven individuals who are not only proactive in identifying opportunities but are also committed to going the extra mile. In our culture, collaboration and initiative fuel our growth as we embrace new challenges, learn constantly, and move quickly to seize opportunities. If you're a go-getter who thrives on impact and thrives in a dynamic setting, you'll fit right in. Our values are:

Outcome Driven: We focus on setting ambitious goals and achieving measurable results, valuing success by the outcomes we deliver.

Wide Responsibility: Our team is empowered to shape success, taking ownership from problem identification to solution implementation.

Learning Mindset: We embrace curiosity, rejecting the status quo and encouraging continuous learning and agility.

Strategic Speed: We make fast, effective decisions and embrace a bias for action to seize opportunities quickly.

Benefits at Athennian

We offer competitive benefits and perks because we believe that happy people produce great results. We are always adding to this list based on employee feedback: generous vacation/sick/flex days, remote work options, flexible working hours, health/dental/vision/group life/gRRSP/LTD/AD&D/EFAP benefits, high growth environment, team-building, day-to-day variety (never a dull moment), MacBook for all employees, stock options, and a culture of transparency.