Director of Information Security

About the Role:

We are looking for an accomplished and forward-thinking Director of Information Security to join our leadership team. You will lead the security, privacy, governance, compliance and risk management functions for our innovative and fast-moving company. Our customers rely on us for their mission critical functions, and their trust and safety are critical to our success. In this role you will partner with teams across the company to design and implement robust security and risk mitigation strategies, ensure compliance with industry regulations, and efficiently support our business objectives. You’ll serve as key advisor to our executive team on security and compliance matters, and drive a security-focused culture across the entire organization.

You Will:

• Lead a team of high-performing compliance and security professionals and provide career guidance
• Define our forward-looking information security strategy to support business goals and mitigate risks. Drive maturation of our compliance and security processes and practices
• Provide guidance to leadership on security and compliance priorities for the company and communicate status to stakeholders
• Partner with internal business function leaders (e.g., IT, Legal, Engineering, Vendor Procurement, HR, etc.) to deliver successful, business-enabling security, privacy and risk management practices 
• Ensure secure software development practices by defining standards, developing automation and providing tooling
• Manage security operations including identification and remediation of vulnerabilities and security monitoring, and response to security incidents
• Coordinate consistent, accurate and efficient responses to prospective and existing customer security questionnaires
• Develop, update, and/or maintain standard operating procedures, including any associated KPIs and reporting
• Maintain SOC2 compliance and design/facilitate future compliance initiatives supporting business objectives
• Maintain and administer compliance tooling, evidence and associated documentation
• Coordinate internal and third party compliance audits for security and privacy, liaising between third party auditors and internal staff
• Maintain subject matter expertise of applicable privacy laws and regulations and align corporate practices as required
• Provide functional expertise to support the organization's risk identification, assessment and treatment processes. Orchestrate regular review of the corporate risk matrix
• Coordinate, assess and improve regular testing of business continuity/disaster recovery practices
• Provide training on security and compliance across the organization

You Have:

• 10+ years of experience in security, privacy and/or compliance roles supporting software development, ideally in an enterprise SaaS context
• 7+ years of experience in leading security, privacy and/or compliance teams
• Deep knowledge of - and proven ability to implement and manage - security, privacy and risk management compliance programs
• Expertise with cybersecurity,  risk assessment, vulnerability assessment tools and best practices
• Knowledge of security, compliance and regulatory frameworks 
• Ability to roll up your sleeves to tackle projects individually while leading a team
• Demonstrated ability to deliver results collaboratively through establishing shared strategic vision
• Eagerness to thrive in a fast growing, dynamic environment and comfortable working remotely with a 100% distributed team
• Strong verbal and written communication skills and demonstrated technical competency, with adaptability to address audiences from diverse teams and roles (individual contributors to executives)
• An ability to empathize with your fellow employees, designing and negotiating policies and procedures that enable needed business outcomes while minimizing friction and overhead

Nice to Have: 

• Experience with data infrastructure systems, esp. real-time systems
• Experience with security and privacy in a Cloud environment (AWS, GCP, Azure)
• Relevant certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)

U.S. base salary range for this role is $255,500 - $300,000 (CA, NY, WA) and  $244,500 - $287,000 (other US locations). Our salary ranges are determined by role, level, and location. As a remote-first company, we strive to consider each candidate's job-related skills, location, experience, relevant education or training to determine individual base salary. Your talent partner will share more about the specific salary range for your preferred location during the hiring process.

Redpanda is used by Fortune 1000 enterprises pushing hundreds of terabytes a day, as well as by the solo dev prototyping a React application on her laptop. Think of it as a streaming data API platform that scales with you from the smallest projects to petabytes of data distributed across the globe.
Join Redpanda if you’d enjoy being part of a fast-moving, 100% remote organization with team members around the globe and a culture based on trust, transparency, communication, and kindness. 

#LI-Remote