Director of Information Security

Job description

AuditBoard is a high-growth SaaS company in the financial technology space that is transforming the way organizations manage critical risk, audit and compliance initiatives. We believe in empowering enterprises to manage and control risk so that their businesses are able to thrive.

Designed by former chief audit executives, our enterprise cloud platform is purpose-built to automate and streamline activities in ways that align with how our thousands of users think and act daily. Clients range from pre-IPO organizations to Fortune 5,000 companies, including leading organizations such as Lululemon Athletica, WeWork, Activision Publishing, Lions Gate Entertainment Corp., TripAdvisor, Arthur J. Gallagher & Co. and Cox Communications, among many others.

We’re based in Los Angeles, growing rapidly and looking for bright, highly motivated people to join us! Learn more at auditboard.com.

 

Responsibilities

  • Provide leadership, direction, and guidance in assessing and evaluating information security risks, and monitor compliance with security standards and appropriate policies.
  • Develop and implement company strategy for Information Security, Cybersecurity, and Data Privacy Protection, including risk-based control objectives and technical architecture framework.
  • Collaborate with the Engineering team on Application and Infrastructure Security.
  • Provide ongoing guidance and expertise in regulatory and industry developments related to Security, Cybersecurity, and Data Privacy Protection to senior leadership.
  • Lead project team to perform vulnerability management, 3rd party assessment, penetration testing, and other security initiatives.
  • Be the face of AuditBoard to clients and other 3rd parties for information security matters.
  • Continuously improve security design and planning of enterprise-wide networks, technology infrastructure, platforms and applications.
  • Define and communicate global security policies, standards, guidelines and procedures to ensure ongoing compliance with security requirements.
  • Lead enforcement and continuous improvement of internal security policies, procedures, and standards through internal audit, customer audit, and third party certifications.
  • Manage/implement information security training and phishing training program.

VP or CISO positions may be available based on experience.

Requirements

  • 5+ years of experience in information security
  • Knowledge of common security frameworks such as NIST or ISO 27001
  • Strong understanding of regulatory compliance from various governing bodies.
  • Strong creative ability, analytical skills and independent judgment.
  • Excellent verbal and written communications and presentation skills

Preferred

  • Experience developing an Information Security program from scratch
  • Experience with SOC-2 or similar compliance
  • Familiarity with Privacy frameworks and GDPR
  • Hands-on IT/Security tool implementation experience
  • Management/team-building experience
  • Experience speaking to clients