Key Responsibilities:

Manage the Information Security Program:

• Provide strategic leadership for risk management, compliance programs, IT systems, and security initiatives.

• Ensure adherence to chosen information security standards, based on the NIST Cybersecurity Framework.

• Report compliance and security metrics to senior leaders, both internally and externally.

• Enhance the information security awareness training program for all employees and contractors.

• Participate in business and technology projects to ensure compliance with Information Security Program standards.

  
  

Lead the Organization:

• Direct the information security function to ensure high-quality security management aligned with business goals.

• Establish the information security approach and operating model, aligning with risk management and compliance requirements.

• Manage the information security budget, monitoring and addressing discrepancies.

• Coordinate a robust information security organization, including hiring, training, staff development, and performance management.

  
  

Determine Strategy:

• Develop an information security vision and strategy aligned with organizational priorities and business objectives.

• Implement and monitor a comprehensive information security program to ensure confidentiality, integrity, availability, safety, privacy, and recovery of information assets.

• Assist in new product development, adjusting the strategy to address new threats.

• Identify key threats to information assets and champion projects to enhance security.

  
  

Operate the Function:

• Ensure compliance with applicable laws and global regulatory requirements for data privacy and information security.

• Collaborate with the data privacy officer to integrate data privacy requirements.

• Oversee technology dependencies outside of direct control, reviewing contracts and managing risk.

• Manage information security incidents to protect corporate assets, intellectual property, regulated data, and company reputation.

• Monitor the external threat environment and advise stakeholders on appropriate actions.

• Develop and oversee disaster recovery policies and standards to support business continuity.

• Coordinate incident response plans to ensure recovery of business-critical services.

• Oversee external vendors providing security functions.

• Maintain and improve compliance with SOC 2 and ISO 9001 certifications.

  
  

Qualifications:

• 10-15 years of experience in risk management, information security, and IT, with at least five years in a senior leadership role.

• 5-10 years of information security leadership experience with a SaaS provider.

• Excellent written and verbal communication skills, with the ability to communicate security concepts to both technical and nontechnical audiences.

• Proven track record in developing and executing successful information security programs.

• Ability to remain composed and effective in high-pressure situations.

• Strong problem-solving and critical-thinking skills.

• In-depth knowledge of relevant legal and regulatory requirements, such as GDPR.

• Degree in business administration or a technology-related field, or equivalent experience.

• Professional security management certifications (e.g., CISSP, CISM, CISA).

• Familiarity with information security management frameworks (e.g., ISO/IEC 27001, ITIL, COBIT, NIST 800-53, and Cybersecurity Framework).

• Experience with contract and vendor negotiations.

• Strong stakeholder management skills.

• High level of integrity and ability to handle confidential matters professionally.

• Initiative, dependability, and resilience to change, with the ability to work independently.

  
  

Bonus Points:

• Additional relevant qualifications or certifications.

  
  

Travel:

• Up to 15%

  
  

If you are a seasoned information security professional looking to lead and shape the security landscape of a dynamic organization, we encourage you to apply for this exciting opportunity in Austin, TX.