Director, Cybersecurity

About the position

The Director of Cybersecurity oversees all aspects of the organization's cybersecurity strategy, including risk management, incident response, compliance, and awareness training. They make quick and effective decisions to address security challenges and provide recommendations to mitigate risks. Collaborating with various departments and external stakeholders, they ensure alignment with organizational goals and regulatory requirements. Ultimately, they foster a culture of security awareness and compliance to protect data and information systems for employees, pros, and customers.

Responsibilities

• Lead and manage the cybersecurity team, including hiring, training, and performance management.
• Provide strategic direction and guidance on cybersecurity initiatives, ensuring alignment with business objectives.
• Develop and implement cybersecurity policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
• Oversee incident response activities, including detection, analysis, containment, eradication, and recovery from cybersecurity incidents.
• Stay abreast of emerging cyber threats, vulnerabilities, and technologies to continuously improve the organization's security posture.
• Collaborate with internal stakeholders, including IT, legal, compliance, and business units, to ensure cybersecurity requirements are integrated into business processes.
• Serve as the primary point of contact for cybersecurity-related inquiries from internal and external stakeholders, including clients, auditors, and regulators.

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field. Master's degree preferred.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Minimum of 10 years of experience in cybersecurity, with a proven track record of leadership and team management.
• Strong understanding of cybersecurity and privacy frameworks and standards, including NIST CSF, NIST RMF, ISO27001, SOC 2, PCI DSS.
• Experience leading incident response activities, including forensics, investigations, and coordination with law enforcement.
• Deep technical knowledge of cybersecurity technologies, tools, and techniques, including intrusion detection/prevention systems, SIEM, endpoint protection, and encryption.
• Excellent communication and interpersonal skills, with the ability to effectively communicate cybersecurity risks and recommendations to non-technical stakeholders.
• Demonstrated track record of leading fast-paced teams within tech industry, with ability to drive innovation and solve critical technical challenges at various scales.

Nice-to-haves

• Programming knowledge (Golang, Python, PHP, UNIX shell scripting, etc)
• Understanding of IT and information security principles and best practices (e.g., ITIL, CAN-SPAM, TCPA)

Benefits

• Virtual-first working model coupled with in-person events
• 20 company-wide holidays including a week-long end-of-year company shutdown
• Library (optional use collaboration & connection hub) in San Francisco
• WiFi reimbursements
• Cell phone reimbursements (North America)
• Employee Assistance Program for mental health and well-being