What are the responsibilities and job description for the Senior Director, Information Security Policy, Risk, and Compliance position at ElevateBio?
The Role:
Reporting to the Head of Information Security, the Senior Director of Policy, Risk, and Compliance is responsible for managing all aspects of cybersecurity risk including policy and governance, risk management, regulatory compliance, awareness and outreach, business continuity, and data governance and protection.
The successful candidate will be an innovative and strategic thinker with excellent communication skills and a desire to collaborate across the enterprise to design solutions that support our business as we continue to scale and grow.
This is an ideal role for someone who wants to work as part of a small team to build, run, and evolve the cybersecurity infrastructure in a growing, well-funded startup company that prioritizes its employees’ growth and development, and to share leadership as the company grows.
Here’s What You’ll Do:
- Collaborate with business units to ensure that security is aligned with business goals and results
- Lead awareness and outreach, including training, phishing exercises, phishing reporting, our newsletter, and special events
- Own the information security policies and governance processes
- Implement and operate a data governance program with supporting data protections
- Lead information security risk management including vendor assessment and vulnerability management
- Lead compliance with regulatory and other frameworks, including 21 CFR Part 11, Annex 11, SOX, GDPR, NIST CSF, CIS Critical Controls, SOC 2, and ISO 27001
- Build and maintain close and effective working relationships with stakeholders across the business including Legal, Quality, and Regulatory
- Track industry developments to maintain a thorough understanding of current and future directions and trends
- Actively participate in technology and information security conferences and professional organizations
- Assist with incident response as required
Requirements:
- 10 years of progressive experience in information security
- Strong communication and collaboration skills
- Proven ability to ask better questions, listen to the answers, and solve the right problems
- Demonstrated capability to synthesize and summarize information including impacts and recommendations
- Experience defining, managing, and measuring outcomes for complex projects
- Proficient in quantitative and qualitative analysis and data-driven decision-making
- Ability to influence collective action without direct authority