Director - Security, GRC, & Trust

At PagerDuty, we believe that people do their best in a culture that fosters inclusion, innovation, and success. Our values - Champion the Customer, Take the Lead, Run Together, Ack Own and Bring Yourself - serve as the foundation of our collaborative and dynamic culture. Whether it’s conducting a retrospective, participating in our monthly Hackdays, cranking out a new product feature, supporting our two PagerDuty bands, or doing our day to day work, Dutonians live and breathe these five values every day. Together, we solve real customer issues and fulfill our mission of connecting teams to real-time opportunities and elevate work to the outcomes that matter.  

Why We Need You

From the Fortune 100 to the smallest startups, technology companies rely on PagerDuty to help them understand the state of their infrastructure.  As the complexity and noise inside that infrastructure grows, companies are increasingly looking to PagerDuty to cut through their noise to find their important signals. 

We are looking for an experienced Director-level candidate as our (new) Director of GRC and Trust. You have a rich technical, organizational and operational experience working in and securing a cloud native environment focused on governance, risk and compliance and customer trust.  You value collaboration and have demonstrated the ability to work closely with cross-company group leaders including Product Management, Engineering, CIO/IT, Legal, PeopleOps and Sales to execute on large-scale projects. You are passionate about security and continuous improvement and will bring this front and center as you  help set the standards & processes that drive security across PagerDuty.  You will lead security-focused cross-functional projects to drive security maturity as well as support the security viewpoint in our cross-company initiatives as part of an amazing team that’s intensely focused on securing products, improving security processes, and building the future of security at PagerDuty.

How You Contribute to Our Vision: Key Responsibilities

• Responsible for leading and maturing our governance, risk and compliance discipline across application and infrastructure security for on-prem, OSS and cloud-based environments.
• Define and implement a robust and business appropriate risk and issue management discipline in support of internal and external cybersecurity risk management.
• Interlock with customers to represent PagerDuty’s security posture and standards, and bring customer feedback to security and product teams.
• Operationalize discipline for ongoing internal and external compliance and maintenance of security audits and evidence including SOC2 Type II and FedRAMP. 
• Collaborate with cross company teams to drive an environment of continuous security improvement.
• Use overall data and findings to identify and recommend enhancements and changes to increase product and infrastructure security posture.
• Support security operations to provide the protection of the confidentiality, availability, and integrity of customer data and building/maintaining customer trust.
• Partner with product/engineering, corporate operations, and employees to build and maintain a security-aware culture where everyone understands and plays their part.
• Provide thought leadership on modern security operations and help lead our infrastructure security organization in creating trust through security.
• Embody a continuous improvement discipline for personal and career growth. Mentor and grow infrastructure, application security and cloud security engineers. 

Skills and Attributes

• You have a track record of stepping up and leading successful complex security projects including roll-out of security discipline to engineering, operations teams.
• Proven track record of customer interaction including support for pre- and post-sales activities and support for customer enablement teams.
• Experience with support for internal and external audit activities including evidence gathering and management, interaction with auditors and management of audit timelines.
• Experience with application security disciplines including security reviews, testing, and management of findings through to remediation. 
• Experience with operational security disciplines including asset and inventory management, vulnerability scanning and patch/update disciplines for the management of findings through to remediation 
• Experience implementing and/or running an issue management discipline to ensure a robust lifecycle for the management of findings and issues, balancing security standards and operational realities.
• Experience with containerized applications, and technologies, such as Docker and Kubernetes.
• Experience working in a continuous delivery/continuous deployment environment.
• You have a desire to stay ahead of the latest industry trends and technologies; a track record of sharing contributions to the wider security engineering community and a commitment to continuous learning.
• You believe security should make it easy to do the right thing.
• You are an expert at leading collaborative efforts involving large groups. 
• Expert at building consensus within and across engineering teams. 

Minimum Requirements

• 5 years experience managing high performance security teams with 
• Outcome driven results 
• Sprint planning and KPI based measurements  
• 3 years of experience 
• Managing application and/or operational security, including IaaS, PaaS, SaaS
• Defining/implementing cloud-native based security best practices
• Operationalizing and running governance, issue and risk management disciplines 
• Leading or supporting external audit activities including SOC2, ISO27001, and ideally with FedRAMP experience
• Demonstrated history of employee engagement through coaching and mentoring, and leading both individuals and managers
• Excellent written and verbal communication skills.
• The ability to identify and effectively communicate the business impact of cybersecurity risk to stakeholders and team members.
• The ability to solve security problems without saying "No".

Preferred Qualifications

• Certifications such as AWS Security Speciality, (ISC)2 Certified Cloud Security Professional (CCSP), (ISC)2 CISSP (Certified Information Systems Security Professional).
• Experience with AWS cloud security best practices, and AWS security technologies such as AWS IAM, AWS Organizations, AWS Shield, AWS GuardDuty.