Head of Information Security

About The Position

Requirements

• Deep understanding of security protocols, cryptography, authentication, authorization, and security frameworks
• Experience establishing and maintaining Information Security compliance with relevant frameworks for both commercial and U.S. Government business (e.g. NIST 800-171/2, NIST 800-161, FedRAMP Moderate/High, DoD IL4/5, CMMC, ISO27001, SOC2)
• Associate or Bachelor's degree in Computer Science, Information Technology, System Administration, or a closely related field (or equivalent experience)
• 5-7 years of Information Security experience with advancing responsibilities
• Outstanding oral and written communication skills
• Operational and People leadership experience, with proven experience managing people
• 1-3 years of startup experience
• 1-3 years of experience administering a rapidly scaling network infrastructure
• 1-3 years of experience managing Information Security compliance particular to U.S. Government (preferably DoD) customers
• Effective stakeholder management
• Proven experience in a senior information security role, preferably within the technology or robotics industry
• Experience managing MSSP
• Experience with DoD incident response and reporting requirements and procedures (DFARS 252.204-7012)

Nice To Haves

• Certifications such as CISSP, CISM, or equivalent
• Familiarity with emerging Information Security Technologies and paradigms
• Experience obtaining and managing ATO for Cloud Service Offerings for USG (particularly DoD) clients
• Working knowledge of Cybersecurity Supply Chain Risk Management (NIST 800-161) controls

Responsibilities

• Identify and assess security risks, and develop strategies to mitigate them.
• Conduct regular security audits and penetration testing to ensure the robustness of systems.
• Manage the response to security incidents and coordinate recovery processes.
• Create, update, and enforce security policies, standards, and guidelines.
• Ensure compliance with commercial industry and U.S. Government specific laws, regulations, policies, and standards, such as ISO 27001, SOC2, GDPR, FedRAMP, CMMC, NIST SP 800-171/2, NIST SP 800-161, and Department of Defense (DoD) IL4/IL5.
• Embed deeply with Business Stakeholders to define InfoSec Roadmap and OKRs.
• Create processes and infrastructure to respond quickly and effectively to the evolving CyberSecurity needs of the business.
• Build the Information Security team at Gecko, hiring, managing performance and promoting Information Security team members.
• Negotiate and manage relevant vendors as well as budgets to ensure optimal investments.
• Provision and management of Gecko corporate devices.
• Support of the technical operations and maintenance needs of remote offices.
• Define and monitor security controls on Gecko infrastructure managed by IT.

Benefits

• Competitive compensation packages
• Company equity
• 401(k) matching
• Gender-neutral parental leave
• Full medical, dental, and vision insurance
• Mental health and wellness support
• Ongoing professional development
• Family planning assistance
• Flexible paid time off