Listing Description
Reporting to our Vice President of Technology, the Director of Information Security will ensure a security posture across the entire organization that efficiently protects our customers, employees, and the business. This individual will lead the team that defines and implements our company-wide information security program.
Responsibilities:
- Own Paper’s information security program, supporting strategic business objectives such as incident response, risk assessment, data protection, physical security, and security training.
- Maintain and revise corporate policies, controls, and procedures that govern Paper’s global security program.
- Coordinate with internal stakeholders to drive compliance with policies and standards to help ensure consistent application of security practices across the organization.
- Develop and manage corporate-wide control activities, such as vulnerability and penetration tests, and incident response test exercises.
- Be a tireless champion of compliance across the team, asking hard questions and proactively helping define reasonable solutions that balance compliance and business strategy.
- Lead application and cloud security on our platform, ensuring we continue to build and maintain a secure platform that protects our users' data.
- Serve as a subject matter expert on cybersecurity, compliance certifications, and applicable security regulations.
- Lead our pursuit of compliance certifications and regulatory assessments.
- Develop metrics to gauge the effectiveness of our security program.
- Advise senior management on the state of the security program.
- Collaborate closely with the engineering team to ensure that the highest levels of information security are maintained.
- Stay abreast of the latest information security technology and ensure Paper is using the best tooling to support the information security program.
- Effectively communicate Paper’s security program with external parties such as customers and auditors.
- Uphold and embody Paper’s mission, vision, and values.
Qualifications:
- Deep knowledge of information security governance, risk and compliance frameworks, regulations, and industry standards (including SOC 1 & 2, ISO 27001), and a strong understanding of how they apply to SaaS organizations and products.
- Experience leading teams and influencing activities across functions without formal authority to deliver results.
- Comfort with working in large, remote teams.
- Experience responding to customer and prospect vendor security requests / questionnaires.
- Ability to communicate effectively, both orally and in writing, technical and non-technical content to all organization levels.
- Strong project management and organizational skills.
- Strong problem solving and troubleshooting skills.
Job perks:
- Work with a dynamic team that provides support whenever you get stuck.
- Remote first environment.
- Bi-annual company-wide meetups.
- Opportunity for career development with a fast-growing company.
- A unique opportunity to make an impact by making education more equitable.
- Stipend to help support the growth of your home office.
- 24/7 access to Paper for family members K-12.