Job Posting

Vice President, IT Security

MINDBODY, Inc

San Luis Obispo, CA US

Description

The Vice President of IT Security will lead our Information Security & Technology Risk Management functions. Reporting to the Sr. Vice President of IT, this role will have direct responsibility for developing and managing all aspects of information security, including:

Information Security Policies & Standards
Information Security Operations
Information Security Architecture
Technology Risk Management

MINDBODY’s VP of IT Security will need to employ a blend of hands-on management of day-to-day information security activities, while also providing strategic thought leadership and planning. The VP of IT Security must be comfortable diving into technical details to solve challenges. The incumbent will be responsible for making intelligent and pragmatic decisions around prioritization of efforts, based on risk.

POSITION REQUIREMENTS:

Demonstrate a strong understanding of information security in relation to large scale systems.
Experience working with information technology systems and business processes, within a SaaS services environment.
8 + years’ experience managing distributed technology teams at scale.
Experience partnering with product development and corporate risk.
Effectively identifying, partnering and utilizing security services providers.
Proven track record of hiring and developing world-class technology teams.
Constantly monitor and adjust to the security threat landscape, with a strong tendency towards proactive engagement on potential threats.
Ensure that information security controls and risk management activities are operating effectively.
Strong understanding of PCI and SOX compliance.
Provide guidance and education across the firm about information security and technology risk management practices.
Interact at all levels of the company, as well as with regulators, internal and external auditors, and other key stakeholders.
Experience delivering products and services in a SAAS environment.
Oversee our disaster recovery and incident response programs.
Manage a rigorous 3rd party risk assessment & management process.
Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
Lead security initiatives and ensure their successful execution.
Review new platforms, designs and services to ensure sound security practices are considered.

MINIMUM QUALIFICATIONS AND REQUIREMENTS:

1) Knowledge, skills & abilities

Have a thorough understanding of and experience implementing technology risk & controls frameworks.
Experience building and executing disaster recovery programs, incident response programs, security incident playbooks, tabletop exercises, and communication plans.
Proven track record of leading and partnering with SaaS services peers & information security working groups.
A strong background in information security policies & procedures, including knowledge of software development security practices and 3rd party oversight.
Excellent communication skills, both written and verbal, including the ability to create and deliver technical presentations to technical and non-technical staff, and communicating with executive and operational management.
Ability to assume leadership and management responsibilities in a matrix support organization.
Skilled in building teams of specialist to solve complex problems.
Ability to successfully multi-task numerous high priority tasks.
Knowledge or experience with penetration testing, security analysis, and ethical hacking.
Knowledge of Software Engineering Design and Architecture.

2) Minimum certifications/educational level:

Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering, MIS, and/or equivalent experience.
MS in Computer Science, Engineering, or Information Technology preferred.
10+ years of experience in information security leadership roles.
CISM equivalent industry certification (e.g. GSEC, CIW, RSA/CSE)

View Original Post

CIW Blog