What are the responsibilities and job description for the Director of Security position at Weave HQ?
What You Will Love About Us
- Competitive Medical, Dental, & Vision Insurance plans
- HSA that includes company contributions
- Flexible PTO and work schedules
- 401k with company match
- Employee stock purchase plan
- Maternity & paternity leave, new baby bonuses
- Brand new building with an onsite gym
- Onsite salon - free haircuts!
- Anniversary gifts
- Company holiday and summer events
- We believe in diversity and inclusion! Join one of our Peer Resource Groups
Weave is looking for a talented, passionate, and experienced Director of Security to lead Weave’s security program. A successful candidate will oversee and lead the development, implementation, and maintenance of Weave’s information security policies, controls, processes, tools, team members, and capabilities. This key team member will be aligned within the organization in such a way as to allow them to be successful in influencing security best practices throughout Weave, and will report directly to Weave’s Chief Legal Officer.
This team member will work closely with every member of Weave’s executive and extended leadership teams and will be responsible for leading the continuous improvement of all aspects of security throughout Weave, including Weave’s products and internal operations. The candidate must have an eye for identifying key security risks, assessing and ranking those risks, and using commercially reasonable means to mitigate those risks within reasonable timeframes.
This leader will be a collaborative team player who works well with others to build consensus around security direction, tactical plans, and initiatives. They will naturally earn the trust of team members in order to drive a culture of security, and will support the achievement of Weave’s business goals while embracing and emboldening Weave’s core values and company culture.
You will own:
- Execute Weave’s security vision and strategy, achieving objectives that mitigate or reduce security risks and defuse threats against Weave.
- Develop, implement and administer technical standards and solutions, as well as a suite of security services and tools to address and mitigate information security risk.
- Oversee Weave’s security program, which includes leading a team of talented, passionate, and driven security professionals, who operate Weave’s application security, security engineering, and security operations functions.
- Identify risk mitigation strategies that address identified security gaps and challenges. Identify and analyze potential security risks to Weave, and implement effective security controls to reduce risks and vulnerabilities to a reasonable and appropriate level.
- Propagate a security-minded culture throughout Weave.
- Partner with executive and extended leadership team members to incorporate security objectives into their respective organizations’ objectives.
- Continuously improve and enhance the security of Weave, Weave’s products, and Weave’s systems.
- Partner with IT, product and engineering team members to build in security as part of the product development lifecycle and IT operations.
- Directly contribute to and oversee the design and operating effectiveness of Weave’s security controls.
- Support Weave’s compliance with regulatory and industry security requirements, including, but not limited to, HIPAA, PIPEDA, CCPA, GDPR, NIST, ISO, SOX, PCI-DSS, and SOC2. Lead and participate in internal and external assessments associated with these security compliance frameworks. Facilitate engagement with external assessors to help ensure smooth audits and the timely provision of audit evidence.
- Ensure the ongoing remediation of security flaws, including vulnerability patching, exploit mitigation, and continuous monitoring of Weave’s systems against intrusion.
- Lead the security incident response capability and cross-functional response team in identifying, responding to, mitigating, and reporting information security incidents.
- Regularly report to Weave’s executive leadership team, Board of Directors, and Audit Committee on Weave’s state of security, covering security and internal IT strategy, risks, and operations, with KPIs and management metrics that report on the health and effectiveness of the security program.
- Act as a key stakeholder and participant in enhancing and operating Weave’s third-party screening and risk management program.
What you need to accomplish the job:
- A proven track record of success in partnership and collaboration with executive leadership for the development and delivery of solutions in a growth-minded organization.
- Ability to build strong networks, relationships, and identify key decision-makers to assist in accomplishing business objectives.
- Displays a high degree of interpersonal skills, tact, and diplomacy; strong collaboration skills with peers and colleagues.
- Ability and willingness to roll up your sleeves – acknowledging that no job is too small to do.
- In-depth knowledge of regulatory requirements and information security and privacy best practice frameworks, such as HIPAA, PIPEDA, CCPA, GDPR, NIST, ISO, SOX, PCI-DSS, and SOC2, among others.
- Experience in highly-regulated industries including the healthcare, financial services, or telecommunications sectors.
- Excellent written and oral communication skills.
- Bachelor’s degree (or higher) in a relevant field (Management Information Systems, Information Technology, Computer Science, Information Security).
- Certified Information Systems Security Professional (CISSP) or similar preferred.
- 12 years of product security, information security and cyber security experience.
- 5 years of leadership experience and creating information security strategy and programs.
- Previous experience leading and developing a high-performing information security team preferred.
- Prior experience with cloud computing infrastructures involving IaaS/SaaS/PaaS services, including Google Cloud Platform and Amazon Web Services.
- Must be based in Utah or willing to relocate to Utah.