The role includes working with executive management to determine acceptable levels of risk for the organization, assessing the current state of risk, and putting forth treatment plans to meet the security objectives. This position is responsible for establishing and maintaining a corporate-wide information security management program, privacy regulation controls, and a compliance program to ensure that information assets are adequately protected.
Set the vision, strategy and roadmaps for Security and IT programs including SOC2 and ISO 27001
Develop, lead and scale diverse technical teams to execute on the roadmap and day-to-day responsibilities
Collaborate with senior Engineering, Product, Legal and other functional leaders to get buy-in and participate in the execution of the strategy and roadmap, as well as participate in architecture reviews, implement guidelines and monitor ongoing security
Advocating initiatives and software development processes that reinforce that security is every engineer’s responsibility
Work with the sales organization to build security awareness, a competitive security position, and trust with prospects and clients.
Developing, implementing, and managing information security training and awareness for Bluecorians at all levels. This includes publicizing and explaining policies and procedures while growing our knowledge base
Work with Bluecore’s Data Privacy Officer to align the technical elements of privacy operations with applicable privacy regulations (GDPR, CCPA, CPRA and more).
Provide leadership to Bluecore’s IT and Security organization while growing our existing team’s capabilities.
Drive and influence technology selection across the organization
Prepare and report on information security posture and risk management status to Senior Management and the Company’s Board of Directors
10+ years of experience in a combination of risk management, information security, and application security engineering roles.
5+ years in a senior leadership role in security
Demonstrated experience with Application Security, DevOps, or Cloud Security functions as a leader or in a people management role.
Experience with cloud computing technologies with security commitments to customers and partners. Our Cloud Provider is GCP.
Knowledge and understanding of relevant legal and regulatory requirements such as Payment Card Industry/Data Security Standard, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA), and frameworks such as ISO/IEC 27001 and NIST.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
Empathy and emotional intelligence to lead a diverse group of engineers and managers at varying stages of their careers
Significant experience building diverse and inclusive teams