Full Time

Director of Information Security – Remote Jobs

Posted 4 months ago
Massachusetts
$125 - $150 per hour

Job Description

Job Type: Director of Information Security from home
Location: Boston work from home
Company: UpRecruit

Responsibilities:

  • Create and implement security policies that encompass every step of the software development lifecycle, from conception to implementation.
  • Take complete ownership of patch management, maintain rigorous adherence to legal and industry standards, and comply with regulatory requirements (PCI, SOC2, ISO, etc.).
  • Determine and reduce the risks related to database management, prioritizing the security, integrity, and availability of data.
  • When working with other organizations like partners, vendors, and contractors, put strong security measures in place to protect confidential data from unwanted access.
  • Adopt best practices for cybersecurity, such as monitoring bug bounty programs, conducting frequent penetration tests, scanning for vulnerabilities, and managing threat intelligence.
  • To maintain a robust defense posture, encourage the development of a top-tier security team composed of infrastructure security specialists, security engineers, and SOC staff.
  • To maintain operational resilience in the face of interruptions, create and implement business continuity plans (BCP), disaster recovery (DR) policies, and comprehensive business impact analysis (BIA).
  • Take the lead in proactive security procedures by keeping abreast of new threats, technological advancements, and industry norms.
  • Represent the company at conferences and industry get-togethers, promoting our security measures and raising our visibility as an organization.
  • Share security best practices via blogs and other platforms to raise awareness and promote education both inside the organization and in the community at large.
  • Provide executive leadership with regular security updates and reports that include recommendations for strategic directions and insights into the organization’s security posture.

Requirements:

  • Possess a Bachelor’s or Master’s degree in information security, computer science, or a related subject.
  • Have proven experience leading information security teams at the senior level, preferably in rapidly expanding SaaS contexts.
  • Demonstrate a thorough understanding of security frameworks and standards, such as PCI DSS, SOC2, ISO 27001, and NIST.
  • Show that you have a thorough understanding of software development processes and that you can easily integrate security procedures into the SDLC.
  • Demonstrate a history of leading security efforts in a variety of cloud and technology contexts.
  • Demonstrate outstanding abilities in communication and interpersonal relations, enabling productive interaction with stakeholders across all organizational levels.
  • Possess relevant industry credentials, such as CISA, CISM, CISSP, or similar.
  • Present a track record of accomplishments in public speaking and thought leadership in the field of information security.