Director, Information Security
Our growing Product Team is looking for a Director, Information Security to help design and implement security and compliance requirements throughout our organization. This position will report to our Senior Vice President, Product Development and will work directly with other leaders and security partners to ensure our systems and SaaS offerings operate securely. You will ensure our risks are managed and compliance requirements achieved.
With over 3,000 organizations in our customer base and a multi-product business, your actions and contributions are critical to maintaining our exceptional reputation with multiple market segments including Government Contracting (GovCon) as well as Architecture, Engineering & Construction (AEC).
What You’ll Do
- Work with multiple internal teams to coordinate and attain enterprise security goals
- Monitor and manage security vulnerabilities and threats, working closely with our security partner, SysArc (SOC)
- Act as the security liaison for both internal and external calls, answering security and compliance questions
- Support Sales and Customer Success teams on RFPs, security questionnaires, assessments, and contract terms
- Partner with Legal on matters related to compliance and security policy
- Lead audit planning, preparation and execution for various compliance requirements, including SOC1, SOC2, and CMMC Level 3
- Maintain current knowledge of industry and regulatory trends and developments, keeping up with industry demands and the demands of our target markets
- Implement and maintain security policies, standards, and guidelines, including disaster recovery, risk management, and incident response
- Develop strategic risk guidance for development and operations, including evaluation and recommendation of technical controls
- Monitor cybersecurity threats and direct teams to develop appropriate response and mitigation strategies
- Manage KnowBe4 and other security awareness programs, helping educate our workforce on security risks and mitigation strategies as well as compliance requirements
- Lead incident response efforts and help determine the appropriate courses of action
- Provide leadership, training, and guidance to internal staff members
- Assist in preparing financial forecasts and budgets for security operations (e.g., tools, contract, and audit costs)
Your First 90 Days
In your first 30 days, you will participate in our two-week, virtual immersive onboarding, familiarizing yourself with our culture, our products, the basic network infrastructure of our internal network, and our SaaS offerings for our three product lines. You will review our current compliance landscape and become familiar with security projects currently in progress. You will participate in relevant standups and other periodic meetings with team members from SysOps, Development, and CloudOps, and begin learning the role of each of those teams. You will also meet regularly with our security partner, SysArc, to become familiar with their role.
In your first 60 days, you will become well-versed in Unanet’s compliance requirements and take over driving in-progress audit activities (SOC1, SOC2, CMMC Level 3). You will develop an understanding of our existing processes and procedures related to disaster recovery, incident response, risk management, and change control. In partnership with other team leaders, you will refine backlog items related to security initiatives and begin to flesh out future roadmaps for security and compliance across our organization. You will meet regularly with SysArc and become the primary point of contact for our vCISO and deputy CISO there.
In your first 90 days, you will take a leading role in our security and compliance strategy, defining and planning projects for our internal networks as well as our SaaS offerings. You will uplift our security posture and work directly with our vCISO at SysArc to define and measure the execution of our cybersecurity roadmap. As the central point for security at Unanet, you will develop collaborative working relationships with all security stakeholders, providing guidance to each team appropriate to its function, while ensuring that each team’s activities fit into the overall strategy for compliance and security.
Who You Are
- 7+ years of experience in a security-related field (e.g., security architecture, IT strategy), directing the activities of other managers running cybersecurity or technology teams
- Prior experience hiring, mentoring and leading a small, high-performing team
- Demonstrated track record of implementing and maintaining scalable security and compliance programs in a cloud-first organization
- Prior experience partnering with cross-functional teams, including Legal, Sales, Customer Experience, Product, and the Executive Leadership Team
- Prior experience with the NIST 800 series, CMMC, and SOC1/2/3 frameworks
- Excellent communication skills, experience with written deliverables, oral presentations, and the ability to facilitate conversations at various levels of the organization
- Bachelor’s degree in Computer Science, Information Technology Security, or related field
Your Differentiators
- Security certifications (e.g., CISM, CISSP)
- Familiarity with applicable legal and regulatory requirements, including Sarbanes-Oxley, CCPA, GDPR, and Payment Card Industry (PCI) standards
Our Values
- We are a Team. Employees, customers, and partners working together.
- We are Customer-Focused. Customers are the heart of everything we do.
- We are Driven. Seeking exceptional outcomes.
- We Own our Success. Every employee has a stake in our company.
- We do the right thing and have fun in the process.
Unanet is proud to be an Equal Opportunity Employer. Applicants will be considered for positions without regard to race, religion, sex, national origin, age, disability, veteran status or any other consideration made unlawful by applicable federal, state or local laws.