The Director of Information Security is responsible for Information Security at Alianza. He or she establishes and administers the overall strategies and procedures for the information security function. Develops and implements information security and disaster recovery programs in accordance with organizational information security standards. The DIS keeps us safe and protected. The position will report to the CTO.

Key Duties and Responsibilities:

• Own Comprehensive Information Security / Cybersecurity Program
  • Evaluate cyber security threats, risks, vulnerabilities, and processes to determine relative risk to the product, system, and organization
  • Lead information security risk assessments and controls selection activities.
  • Lead a small team of security and compliance engineers
  • Effectively manage up to the CTO and Executive team – present plans, strategies, and proposals for additional budgetary spend
• Own Compliance
  • Oversee ongoing compliance and audit activities.
  • Utilize automation to reduce manual overhead associated with audits and compliance.
  • Maintain SOC2 compliance and any additional compliance activities.
• Own Processes, Tools and Metrics
  • Processes & Tools
    • Establish and maintain all security related processes, policies, and procedures
    • Lead quarterly Corporate Information Security Steering Committee (CISSC) meetings
    • Review and update existing Information Security policy documents
  • Tools
    • Select and oversee the core security toolset in use at Alianza
      • Today we utilize Nessus Professional, AWS Guard Duty, and the KnowBe4 Platform – additional tools will be required
  • Metrics
    • Develop and implement the right KPIs and metrics for security
• Drive InfoSec Culture
  • Educate and evangelize the importance and benefits of security to all Alianza employees
  • Inspire adoption of security processes and policies by showing the benefits and importance of infosec
  • Drive continuous improvement by updating Alianza’s security related iniatives and priorities and new information becomes available
  • Promoting responsible behavior by improving the culture internally to ensure all staff are protecting against possible security incidents
  • Supporting the business in delivering quality and compliance in order to drive down information security risk

Qualifications:

• A strong, passionate, optimistic, team leader with a "will do" attitude that is contagious
• Must have a strong sense of urgency and continual improvement mentality
• Strong leadership competencies with ability to influence key stakeholders in matrix organization
• Experience leading information security programs at a software company – preferable a company utilizing public cloud
• Must have a strong sense of ownership – owning all things within the engineering team and executing them in a consistent and professional manner without direct supervision or micro-management
• Security auditing experience
• Prior experience with ISO27001, SOC2, HIPAA, and PCI compliance
• Must have a solid understanding of data privacy laws (GDPR, CCPA, etc)
• Security-related certification ideal (CISSP/CISM/CRISC)