Director, Information Security
Top Hat is seeking a Director, Information Security to lead our InfoSec practice, including Product and Enterprise security. Reporting to the CTO, you’ll plan and execute security initiatives across the company, starting with leading our program to achieve StateRAMP certification. You’ll work with executive management to determine acceptable levels of risk for the organization, assess the current state of risk, and put forth treatment plans to meet the security objectives. This position is responsible for establishing and maintaining a corporate-wide information security management program, privacy regulation controls, and a compliance program to ensure that information assets are adequately protected. You’ll take ownership of our security vision, roadmap, and practices going forward, working closely with our Engineering, IT, and Legal leadership and teams.
We take a DevSecOps approach to delivery and production ownership. This applies to our security strategy as well: as the primary owner of security for the organization, you’ll directly manage security projects as well as establish and enable patterns and policies to ensure strong security practices are adopted within each of our functions, domains, and teams.
This role can be based out of our Toronto office, or fully remote, anywhere in Canada or the US.
– Take ownership of our StateRAMP compliance program and drive it to timely completion.
– Set the vision for our security roadmap and evolve and expand our existing security practices to meet or exceed market requirements.
– Evangelize and advocate for strong security practices across the organization.
– Build a culture of security ownership rooted in shared values.
– Work in a continuously deployed AWS cloud environment.
– A leader with demonstrated success driving enterprise security and compliance programs who still wants to get your hands dirty and contribute directly to implementation.
– Experienced with leading Application Security, DevOps, or Cloud Security functions
– Experienced with cloud computing technologies, managing cloud infrastructure as code, and with security commitments to customers and partners.
– Knowledgeable of relevant legal and regulatory requirements such as StateRAMP, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA) and frameworks, such as ISO/IEC 27001, and NIST.
– Highly experienced in developing information security policies and procedures, as well as successfully executing programs
– Skilled at communicating security and risk-related concepts to technical and non-technical audiences
– Empathic and emotional intelligent to lead a diverse group of engineers and managers at varying stages of their careers
– A values and people oriented leader who can drive change through advocacy and influence.
– Biased to action and obsessed with delivery. You get things done.
– A pragmatist. You understand that security policies are driven by market requirements and risk management. You are comfortable advising executive leadership and making decisions based on risk/reward assessments.
Is this posting closed?
Report a Dead Link
We do our best to remove postings when they're taken down, but as a small team we sometimes miss a few. Thank you for helping us stay current.