posted Jun 07
Fractional Chief Information Security Officer (CISO)
Job Location: Remote
Job Description
• Develop and drive implementation of a short and long term security strategy and goals in alignment with Peach's business objectives and culture.
• Oversee information security in enterprise IT infrastructure and in deployment and management of enterprise applications.
• Secure operations involving Engineering, and development operations, requiring connectivity and integration with third party partners.
• Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities.
• Perform gap analysis of current state versus industry best practices.
• Act as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance.
• Manage communications with security leaders from clients and partner organizations.
• Prepare and present accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements.
• Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements.
• Identify and classify risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation.
• Establish and enhance Policies and Procedures to ensure the following of security best practices and compliance.
• Assess and identify security controls for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO27001, SOC2).
• Evolve Peach's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents.
Qualifications
• 7+ years of enterprise information security or relevant technology experience.
• 2+ years experience leading a team of InfoSec/cybersecurity professionals.
• A breadth of hands-on and senior leadership experience in security, engineering, or IT management.
• In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria.
• Thorough understanding of SDLC and Application Security Policies, Design and Documentation.
• Ability to communicate, interpret InfoSec and play back requirements to a non-technical security team (i.e., non-functional requirements).
• Thorough understanding of Risk Management principles (Risk Register, Cyber risks, etc.).
• Fundamental understanding of Incident Management and Security Operations.
• Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies.
• Experience securing and navigating cloud platforms, such as GCP or AWS platforms.
• Knowledge of common operating systems (e.g. Windows, Linux, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level.
• Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs.
• Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx).
• Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross-functional teams to coordinate activities and accomplish goals.
• Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding.
• Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently.
• Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs.
• Natural problem solver; analytical and oriented towards diagnosis and remediation.
• Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience.
Benefits
• Work in the East-Bay or remote!
• Be part of the first professionals in a rapidly-growing team.
• Shape the overall product and culture.
• Full benefits, including healthcare, parking and/or commuter benefit, gym membership, and more.
• Small & friendly work environment.