Manager of Information Security, New York City at Validate.ly
New York City, NY, US

About Validately

Validately’s mission is to help teams build products that customers love. We believe that we are changing the world by improving the experience people have with the products they use so much. We do this by living and breathing research.

Validately is a growth-stage company that just tripled revenue and is also cash flow positive! Our current customer list includes Google, Microsoft, Allstate and many other great companies. We are led by two multiple-time successful entrepreneurs along with an extraordinary team.

At Validately, we believe that a diversity of experiences in the workplace ensures a broader range of perspectives, a more inclusive company, and better products. We welcome individuals from all walks of life to consider becoming a part of it. Women, individuals with disabilities, veterans, and minorities (particularly Black, Latinx, Native American, LGBTQ, or individuals who were the first in their family to go to college), are encouraged to apply.

Position description

The Director of Information Security will keep appropriate departments up to date on emerging vulnerabilities and newly introduced risks to systems, and secure systems against threats throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats, vulnerabilities, governance, risk, and IT compliance. You’ll report to the CTO.

Requirements/Skills

  • Bachelor’s degree in Computer Science or technical discipline, or equivalent experience in an IT-related field.
  • 5+ years of experience in the information security field, especially in a security engineering or architecture role, with 2 years of leadership in an information security role within a SaaS organization.
  • Ability to hire and build a team to help implement our security goals.
  • Proven experience with current IT security technologies.
  • Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
  • Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences.
  • Ability to put security risks in appropriate business contexts and prioritize security improvements.
  • Professional information security certifications such as CISSP, CISM, or CISA.
  • Strong analytical and problem-solving skills.
  • Experience with industry compliance standards such as ISO, SOC, PCI.
  • Strong management and organizational skills.
  • Excellent written and verbal communication and presentation skills.
  • Required to work from our Midtown, NYC office.

Primary Responsibilities

  • Build and implement a plan for Validately to become compliant with a well-known industry security standard such as ISO, SOC, or PCI. Ensure Validately maintains ongoing compliance once certified.
  • Conduct regular technical risk assessments and audits of systems and infrastructure, contractors and vendors.
  • Maintain a risk management program for technology efforts.
  • Develop, maintain and publish security policies, processes, standards and guidelines, and oversee training and distribution of security policies and practices.
  • Provide support to sales team and customers during and after sales cycles.
  • Investigate and document security incidents, including impact analysis.
  • Maintain a current understanding of the IT threat landscape.
  • Ensure compliance with the changing laws and applicable regulations.
  • Identify risks and create actionable plans to protect the organization and clients.
  • Coordinate the delivery of security audits, vulnerability assessments, and penetration tests.
  • Ensure that information security policies and procedures are communicated to all personnel and that compliance is enforced.
  • Provide training and mentoring to security team members.
  • Brief the executive team on information security status and security risks.
  • Communicate best practices and risks to all parts of the business.
  • Provide guidance to management on a wide range of information security standards, best practices, and compliance requirements.

If you believe that you meet these requirements, please submit resumes.