Vice President, Information Security

About The Position

Requirements

• 10+ years of business experience in a combination of IT security, risk management, or Information Security.
• 7+ years in a leadership role.
• Demonstrated executive level business and technical acumen.
• Ability to develop and clearly articulate a compelling security strategy to key management stakeholders.
• Pragmatic mindset, ability to handle difficult problems with partial data and under high pressure.
• Strong knowledge of current and emerging cyber security risks and innovative risk management methods and solutions.
• Strong understanding of security concepts and technologies.
• Experience applying security frameworks such as ISO 2700x, NIST CSF, or NIST 800-53 including compliance and audit strategies for cloud environments (IaaS, SaaS, etc).
• Subject matter expertise in developing and executing company-wide program, policies, procedure, and controls.
• Expertise in domains such as application development, application security, security operations, cybersecurity monitoring, vulnerability management, incident management/response, identity and access management, and cloud infrastructure (AWS/GCP/Azure).
• Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization, including directly with Uplight’s Board and/or Audit Committee.

Nice To Haves

• Completion of prior successful external audits, such as SOC 2.
• Prior experience automating compliance controls.
• Certification showing expertise in security management, audit, or risk management (e.g. CISSP, CISA, CISM, CRISC).

Responsibilities

• Define a cyber security strategy and capability roadmap that keeps pace with cyber threats and Uplight’s growth plans.
• Develop, implement, and monitor a strategic, comprehensive enterprise risk management program.
• Provide leadership to security professionals and teams, including recruitment, development, and performance management.
• Create a cyber risk strategy that identifies and defines risk tolerance levels and prioritizes mitigation strategies and activities.
• Identify key metrics to measure enterprise-wide security effectiveness and support program governance.
• Manage potential security incidents, communicating any suspected or confirmed incidents with business leaders, and performing in depth investigations as required.
• Assist the sales function as necessary to educate potential and current customers on Uplight’s security posture.
• Assist sales and legal with customer contractual negotiations in relation to security requirements, including any customer security requests.
• Implement and oversee procedures and controls to assure compliance with applicable regulatory, legal, and contractual requirements.
• Own SOC 2 and other external audit programs and manage technical internal audit processes.
• Manage the 3rd party/vendor risk management process.
• Facilitate the resilience program to ensure appropriate incident response, business continuity, and disaster recovery programs are in place.
• Collaborate with Legal on the privacy program and manage privacy operations.
• Proactive partnership across the organization to ensure security, compliance, risk, and privacy concerns are delivered in a way that strikes balance and works for our customers and the business.

Benefits

• flexible time off
• generous parental leave
• a wellness stipend
• work flexibility
• comprehensive benefits package