**This role is remote but you must be located in Pacific or Mountain Time Zones, as it works closely with our colleagues in Australia**

The Opportunity:

As Information Security Officer, you will play a leading role in managing our Information Security. You’ll join an enthusiastic, experienced, and rapidly expanding team who operate both from within our offices and from home. Operating within whole-of-company scope, you’ll report to our CTO to plan for and execute our best-practice infosec policies and procedures, and in general operating to support our applications and services through satisfying the security requirements of our customers and users.

Our company is built on good practice and high standards. Passion for our customers, and a willingness to put their needs first is at the center of everything we do. We have a long history of going the extra mile to make sure our customers are happy. We’re looking for someone to join our team to continue building out our Information Security practice, ensuring that all new initiatives are designed with customer needs in mind from the start, and considering not only where we want to be but how we will get there.

About Performio:

We are a small, but mighty company offering incentive compensation management software (ICM) that regularly beats the legacy incumbents in our industry. How? Our people and our product.

Our people are highly-motivated and engaged professionals with a clear set of values and behaviors. We prove these values matter to us by living them each day. This makes Performio both a great place to work and a great company to do business with.

But a great team alone is not sufficient to win. We also have a great product that balances the flexibility that large companies need in a sales commission solution with the great user experience buyers have come to expect from modern software. We are the only company in our industry that can make this claim and the market has responded favorably. We have a global customer base across Australia, Asia, Europe, and the US in 25+ industries that includes many well-known companies like News Corp, Johnson & Johnson and Vodafone.

What you’ll be doing:

• Overseeing the Information Security of our company. Lead the function of Information Security, identifying initiatives that should be undertaken and obtaining buy-in from the rest of the organization. Develop, implement and monitor a strategic, comprehensive enterprise Information Security and IT risk management program.
• Guide software development and architecture documentation related to product security (software requirements specifications, software architecture diagrams, risk mitigation traceability).
• Managing risk and compliance. Facilitate the risk management process, keeping our senior leadership team informed and proposing the selection of safeguards to keep us secure. Lead Performio's current and future compliance efforts such as SOC-2, GDPR, and CCPA. Head up our Information Security Management Committee.
• Engaging with customers. Ensure that all existing and potential customers have their Information Security requirements met.
• Ensuring business continuity. Coordinate the business impact analysis process and the creation and evolution of our incident response plans. Lead Information Security incident response team to contain, investigate and prevent future device/system security breach.

Requirements

What we’re looking for:

• Minimum of 5 years of experience in a combination of risk management, information security, audit, and compliance roles
• Demonstrable knowledge of common information security management frameworks, such as SOC-2 and ISO/IEC 27001
• Demonstrable knowledge of common information privacy frameworks, such as GDPR and CCPA
• Solid SaaS and Cloud security experience, in-depth understanding of AWS, including managed services relevant to the Information Security
• Excellent written and verbal communication skills and a high level of personal integrity
• Excellent problem-solving and analytical skills
• High level of comfort working with ambiguity or uncertainty and converting information into quantifiable concepts
• Experience operating in and with agile teams
• Please note that applicants should hold a relevant Information Security certification. CCSP, CEVv11, CISSP, CISM, CISA are strongly preferred.

Benefits

Why us?

We’re fast-growing, but still small enough for everyone to make a big impact (and have face time with the CEO). We genuinely care for our customers and we are passionate about solving our customers’ sales compensation challenges. Led by a strong set of company values, we play to win and are incentivized to succeed through our employee equity plan.

We’ve adapted well to the work from home lifestyle, and encourage flexible working arrangements. Some of our staff work full time from home, while others prefer working from one of our offices, or a combination of home and office.

Our values speak strongly to who we really are. They mean a lot to us, and we use them every day to make decisions, and of course to hire great people!

• Play to win - we focus on results, have a bias to action and finish what we start
• Paint a clear picture - we’re clear, concise and communicate appropriately
• Be curious - we surface alternative solutions and consistently expand our knowledge
• Work as one - we all pitch in but also hold each other to account
• Do the right thing - we put what’s right for our customers over our own ego

What You Will Receive:

Performio offers competitive salaries and a generous benefits package. You will receive an annual salary that is between the middle and high end of the market depending on your experience. You will also receive the following company benefits:

• Equity plan – all employees are also owners
  
• Unlimited paid vacation & paid company holidays
• Health, vision, and dental insurance
• Company-sponsored 401(k) program, company contributes 3% of your salary annually regardless of what you put in
• Laptop, mouse, keyboard, and monitor
• WeWork membership
• Free parking (at Irvine headquarters)

Don’t check every box in our job description? That’s ok! As the Harvard Business Review points out, research conducted by Hewlett Packard shows that men typically apply to jobs when they meet an average of 60% of the criteria, while women and those from marginalized groups tend to only apply when they feel they meet 100%. If you think you have what it takes, but don’t necessarily meet all of the requirements listed in the job description, please still reach out. We’d love to have a conversation to see if you could be a great fit!