About the Role
The Chief Information Security Officer (CISO) is a senior business leader who will oversee all aspects of data privacy, compliance, and security for Validity. The person in this position will create and manage business-aligned security, compliance, and data privacy programs by developing, documenting, implementing, and maintaining comprehensive security compliance and privacy frameworks. The CISO will build and manage the teams responsible for daily operations in support of these frameworks, providing strong risk management, control procedures, and incident response support for company operations. The successful candidate will form close relationships with executive leaders to determine acceptable levels of business risk and will foster strong working relationships with business stakeholders to work collaboratively to improve Validity's security compliance and privacy posture.
Position Duties and Responsibilities
- Develop, implement, and monitor strategic, comprehensive, enterprise information security and IT risk management programs.
- Define, build, and lead an Information Security organization in support of team mission and defined information security programs.
- Manage and maintain ongoing SOC 2 and ISO audit programs and requirements.
- Work with Executive Leadership to define acceptable levels of business risk.
- Serve as the company spokesperson, providing timely Sales Support for Information Security and Data Privacy matters.
- Work collaboratively with engineering and product management teams to ensure privacy and security by design and satisfaction of regulatory obligations in new products and product features.
- Work directly with the business units to facilitate risk assessment and risk management processes.
- Conduct 3rd party security and privacy risk assessments to identify areas of unexpected risk to business and technology operations.
- Assist with the overall business technology planning, providing a future vision of technology and systems.
- Develop metrics for evaluating the effectiveness and success of the security and privacy frameworks to ensure they meet the needs of all internal and external stakeholders.
- Establish and administer a process for receiving, documenting, investigating, and responding to complaints and/or allegations of violations of Validity's privacy policies and procedures.
- Lead all privacy and security governance efforts to ensure alignment of the privacy and security program to the needs of the organization as well as legal and regulatory requirements.
- Build and periodically test incident response programs based on business risk analysis.
Required Experience, Skills, and Education
- Minimum of eight to 12 years of experience in a combination of risk management, information security, and IT roles within a SaaS company. SaaS experience is a must.
- Minimum of 5 years of experience in a senior leadership role.
- Successful track record of implementing corporate security and privacy, and governance programs.
- Proven senior leadership skills - the ability to balance team and individual responsibilities; building teams and consensus; ability to influence and get things done through others not directly reporting to you.
- Deep and demonstrable knowledge of common information security management frameworks, such as SOC 2, ISO/IEC 27001, and NIST.
- Deep knowledge of global privacy and security laws and regulations.
- Experience with contract and vendor negotiations and vendor management including managed services.
- Proven experience building security programs in Cloud computing/Elastic computing across virtualized environments.
- Prior experience in SOX and/or highly regulated environments is preferred.
- Well-developed analytical skills: ability to assess situations and complex problems quickly.
- Strong consultative approach including listening, questioning, and devising a solution that fits well into the business and follows good security practice.
- Demonstrate a high level of personal integrity.
- Excellent communication skills - interpersonal, writing, telephone, group presentation, and creative problem-solving skills.
- An unquenchable thirst for learning and knowledge about current technology and security trends, and the discipline to stay on top of those topics regularly.
- Industry certifications: CISSP, CIPM, CIPP, and/or other relevant credentials.