Position Overview

You’re a strong collaborator ready to work with teams from sales to engineering to implement a first-class security program. Our Director of Security & IT will drive transformational change in how we manage security risks across the company’s business functions. The role requires strategic vision, the ability to influence change, and a coherent understanding of how security data can be leveraged to empower leadership teams across the business.

The ideal candidate would be someone who can adeptly build frameworks for security governance, embed threat-based risk assessment processes, and also elevate cyber security within the business. You will be responsible for leading a team of security, compliance, and IT professionals who are responsible for security and compliance needs across the business - including, but not limited to SOC2, ISO 27001, GDPR, CCPA, etc.

What you’ll be doing

• Guide executive Leadership in aligning with a progressive IT and security strategy in line with Fountain’s strategic goals and industry best practices
• Lead Fountain’s security engineering, IT, and GRC programs; Identify, assess, and prioritize security risks, and develop strategies to mitigate potential threats to the organization
• Lead efforts to protect sensitive data, ensuring compliance with relevant privacy regulations (e.g., GDPR, CPRA) and industry standards (e.g., SOC2, ISO 27001)
• Oversee the design and implementation of IT, Application and Cloud security measures for our cloud-based infrastructure
• Manage the BCDR & incident response plan to address and mitigate security incidents promptly and efficiently
• Maintain a culture of security awareness and education among employees, promoting a strong security-first mindset
• Manage vulnerability assessment and remediation processes to identify and address potential security weaknesses
• Enforce IT & Security policies, standards, and procedures across the organization
• Liaise with various teams (e.g., legal, sales, engineering, etc.) during the sales cycle to review contracts, complete RFPs, respond to due diligence questionnaires, participate in sales calls with the customer, etc. as needed to help the organization meet their goals
• Lead a high-performing IT & Security team, providing mentorship, guidance, and professional development opportunities
• Evaluate and manage security risks associated with  vendors and partners.
• Stay up-to-date on new security technologies and industry best practices and drive improvements as needed

What you should bring

• 5+ years leading security teams
• 10+ years of hands-on experience in security engineering and/or GRC
• Experience securing Software-as-a-Service (SaaS) and cloud environments (we primarily use AWS)
• A track record of working with sales and legal to review contracts and complete RFPs to close deals as well as completing industry recognized security assessments (e.g., CAIQ, VSA, SIG, etc.)
• Experience engaging and collaborating with stakeholders across the organization to build secure processes and procedures
• Experience authoring, reviewing and maintaining information security related policies and procedures
• A history of building, securing, and automating enterprise-scale infrastructure and systems

Salary Range: $220,000 - $286,000 USD