The Vice President of Information Security will act as the company's Chief Information Security Officer. This role is highly visible and has the ability to shape the way our company functions and operates from a security perspective. The Vice President of Information Security, CISO, will be empowered to implement information security compliance processes and procedures while also being the subject matter expert in all things security, and will be part of the Executive Leadership Team.
What You'll Be Doing
Accountable for company-wide strategy on information security practices, policies, procedures, staff, security compliance, budget, and the tactical execution of those strategies.
Manage information security organization including hiring, performance management, and staff development.
Collaborate as a peer with leaders of IT, Software Engineering, Software QA, Product Management, Legal, and other senior management to ensure all aspects of our security program are effectively implemented, reviewed, and maintained.
Ensure compliance with security standards, audits, and regulatory requirements including FedRAMP, SSAE18 SOC2, ISO 27001/2, and the requirements of our clients and business partners.
Provide input and support from the Information Security perspective on privacy laws and regulations including GDPR, CCPA and other related state and federal laws.
Coordinate responses to customer security questionnaires, RFPs and Audits.
Meet with customers as a peer to sales in establishing the company's security systems and processes.
Ownership of information security: compliance, operations, audits, third party provider compliance, and testing.
Collaborate with Information Technology in support of Disaster Recovery and Business Continuity.
Serve as primary liaison to key vendors, business partners, customers, and prospects on information security matters, including but not limited to possible mergers and acquisitions.
Periodic reporting on our security program, material risks, etc. to executive management.
Responsible for company-wide information security risk management, incident management, security education and other related topics as appropriate.
Manage response to evolving security threats and compliance requirements.
Function as CISO and other designated roles as required.
Required Education, Experience and Certifications
MBA in a technology-related field, or equivalent work or education experience.
A minimum of 10 years' experience in an information or cyber security role including experience managing a successful team.
Relevant certifications (CISSP, CISA, CCISO, CIPM and CGEIT) are desired, in lieu of at least 10 years in an Information / Cyber Security and/or IT Compliance leadership role.
Experience with the NIST and/or FedRAMP security frameworks is preferable.
Previous experience with a mission-critical 24/7 SaaS application.
Proven track record and experience in development and execution of information security policies and procedures.
You will be responsible for maintaining and identifying opportunities to improve Smarsh's information security program. You will be required to periodically report out to the executive team on the organization's security and risk posture.
The role requires both technical information security management experience and project / security program management experience.
Ideal Candidate Characteristics
The right candidate will describe themselves as:
A take-ownership type of person - you love your job and pride yourself in doing it well
You are motivated by challenging projects
You like problem solving
You see the big picture while not losing sight of the details
You are intellectually inquisitive; you often find yourself Googling something for the fun of it
You like to get things done and you like empowering others to get things done
10+ years' experience in an information security leadership role
Experience in a technology/engineering/computer science related field or relevant employment experience
Experience managing any of the following security frameworks: FedRAMP, NIST or ISO
Demonstrable project management and team management experience
At least one of the following certifications is preferred: CISSP, CISM, CIPM, CIPP, CFE, CISA or SANS GIAC. If not already maintained, Smarsh is willing to support CISSP certification within 6 months of hire.
Ready to join a thriving tech company that's redefining digital archiving and business intelligence? Smarsh is the leading comprehensive archiving platform. Recognized as one of today's fastest growing companies in the U.S., Smarsh delivers innovative cloud-based solutions that help organizations manage and enforce flexible and secure records retention and compliance strategies for electronic communications, including social media and enterprise social networks (Yammer, Chatter, Facebook, LinkedIn and more).
Our motto is 'People First. Inspire Confidence. Embrace the Impossible.' We hire lifelong learners who have a passion for their discipline and a track record of excellence. To learn more about us, visit www.smarsh.com/careers.