Deputy CISO

About The Position

Requirements

• 10–15+ years of progressive InfoSec leadership, including VP/Head-of-level responsibility and deep operational oversight.
• Demonstrated success leading cloud-first or cloud-scale security programs, ideally high-risk environments.
• Strong, current technical foundation with an emphasis on network security, including: TCP/IP, routing, firewalls, VPNs, proxies Network and distributed system architecture review Attack path analysis, lateral movement detection, and traffic-level defensive engineering Secure design of large, distributed, cloud-native systems
• Significant incident response leadership, including enterprise-scale, high-severity events and coordination of technical responders.
• Enterprise-level AI/ML security expertise, including hands-on implementation experience, adversarial testing, secure model design, or applied detection use cases — with the ability to lead AI security strategy across product and enterprise.
• Strong command of security frameworks and risk standards (NIST CSF, ISO 27001, SOC 2, PCI, GDPR).
• Engineering mindset and technical pedigree, ideally supported by a STEM degree.
• High-credibility communicator able to influence senior technical leaders and translate complex risks into business-aligned decisions.

Responsibilities

• Oversee cloud, platform, and network security for a large-scale, distributed SaaS product.
• Evaluate and influence architectural decisions across microservices, APIs, and cloud infrastructure.
• Provide deep technical guidance in areas such as: Network segmentation and secure VPC design Firewall, boundary control, and traffic flow architecture Protocol-level traffic analysis and defensive engineering Secure design patterns and resilient architecture for cloud-native systems
• Assess architectural diagrams and network topologies, challenging engineering decisions with confidence.
• Guide engineering teams on threat modeling, attack surface minimization, and resiliency.
• Lead enterprise-scale incident response, driving real-time decisions.
• Understand root cause, containment strategies, log sources, detection gaps, and kill-chain impacts.
• Direct cross-functional responders during high-severity events.
• Partner with engineering and product teams for fast remediation.
• Communicate clearly with senior executives during critical incidents.
• Oversee enterprise risk management, including GRC, vendor risk, and regulatory frameworks (SOC 2, ISO 27001, GDPR, etc.).
• Lead initiatives in AI/ML security, including adversarial testing and the build-out of an AI security testing function.
• Drive cross-functional resilience programs spanning business continuity, disaster recovery, and data lifecycle governance.
• Translate technical risks into operational and business implications for executive stakeholders.
• Influence product, engineering, legal, and risk partners to ensure aligned and scalable security practices.

Benefits

• In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.
• Benefits vary by location but generally include private medical, life, and disability insurance.
• Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.