Head of Security

The Role:

We are looking for a senior information security leader to lead our Security team. As Head of Security you will be responsible for leading all aspects of ZEBEDEE’s enterprise-wide vision, strategy, architecture, policies, and programs for information security and risk. You also have extensive experience establishing security controls in cloud-based environments built on AWS. You will work to consistently raise the importance of information security to top-level management, teams, individuals, and customers.

Responsibilities will be variable and will depend on the specific project currently being worked on, but will typically include:

• Establishing the right security and governance practices for the company.
• Enabling a framework for risk-free and scalable business operations in the challenging business landscape.
• Alongside CTO, responding to outside DDQs (data discovery questionnaires).
• Establishing and managing a risk profile or all privacy, compliance, and cybersecurity risk issues affecting the platform.
• Providing remediation guidance for any security issue found or brought to the team’s attention.
• Establishing proper governance programs that align to a defined security framework.
• Establishing a Gantt diagram that outlines the roadmap for the platform’s security program.
• Providing insight to macro cyber threats that may be relevant to the company’s attack surface.
• Championing information security to all levels of the business.
• Providing senior management and the board of directors with accurate assessments of our security posture and progress on an ongoing basis.
• Act as the point person for SOC2/ISO standards and certification processes.
• Alongside CTO and CCO, act as another point person for discussing Compliance matters with state and federal regulators.
• Alongside VP of Engineering and CTO, create, manage, and maintain comprehensive plans for performing pentests on the platform.

Requirements:

• 6+ years of experience with application security and information security programs.
• 3+ years experience leading, developing, and managing an information security team.
• Relevant experience managing security policies and environments on Amazon Web Services.
• Experience building security programs and developing policies, standards, and procedures.
• Experience with handling incident responses and leading Security Incident Response Teams
• Excellent interpersonal communication and conflict-resolution skills.
• Able to balance short term and long term business goals.