Director, Information Security

G2

📍 Remote - United States

Summary

Join G2, a global leader in the software marketplace, as the Director of Information Security. Lead and mentor a team of security professionals, developing and executing G2's security strategy. Align G2 with global regulatory and framework compliance, anticipating and reacting to policy changes. Drive strategic planning for emerging privacy regulations, providing executive guidance and building scalable compliance frameworks. Oversee security architecture, threat modeling, risk assessment, and incident response. Establish policies and procedures across vendor relationships, AI/ML systems, and physical security. Identify and implement process and technology improvements, and raise the acumen of information security personnel. Be accountable for resolving IT security issues and communicating with global stakeholders during security incidents. This role requires extensive experience in information security, leadership, and compliance, along with strong communication skills. G2 offers generous benefits including flexible work, ample parental leave, and unlimited PTO.

Requirements

  • 8+ years of Information Security experience
  • 3+ years leadership experience
  • 3+ years of experience with AWS
  • Experience managing SOC 2 certifications, ISO 27001, penetration testing, and GDPR compliance
  • Experience with AI/ML security and governance
  • Proven leader with expertise supported by multiple certifications or coursework
  • Strong communication skills working across a globally diverse team
  • Proven experience negotiating with enterprise vendors to reduce costs
  • Vision to anticipate shifts in priorities and easily adapt to solutions

Responsibilities

  • Leads a team of Information Security managers and analysts to support vendor, partner, and internal business needs while developing and executing our security strategy
  • Aligns G2 with the department-level strategic planning, implementation, and optimization of security priorities for internal employees within an agreed SLA and in alignment with global regulatory and framework compliance, all while anticipating and reacting to changes in policy
  • Drives strategic planning to anticipate and prepare for emerging privacy regulations and compliance requirements, provides executive guidance to privacy and compliance teams while enhancing program maturity, and partners with business stakeholders to build scalable compliance frameworks that enable growth
  • Identifies and implements process and technology improvements to yield high efficiency or effectiveness, impacting long-term business goals
  • Oversees security architecture decisions and implementation, leads threat modeling and risk assessment processes, guides security engineering practices and cloud security controls, and implements and maintains security monitoring and incident response capabilities
  • Establishes policies and operational guidelines for Information Security across all vendor relationships
  • Establishes policies and procedures to manage and enforce the Vendor Risk Management Policy by overseeing security reviews of G2 third party vendors
  • Establishes governance frameworks for AI/ML systems, ensures responsible AI development practices, and implements controls for AI data security and privacy
  • Oversees the management, configuration, and proactive monitoring of physical security
  • Establishes market benchmarks and provides leadership and guidance to technical teams regarding architecture and procedures
  • Identifies, evaluates, and improves the implementation and use of new and existing information security tools to meet established measurements
  • Raises the acumen and authority of information security personnel through awareness, and maintains compliance training, resulting in industry-leading engagement
  • Establishes, communicates, and monitors information security programs effectively with other teams within the G2 organization
  • Accountable for the resolution and proactive management of company IT security issues, avoiding business risk
  • Establishes global informative information security training to ensure a deep understanding of security across G2 in accordance with policies of the organization
  • Perceived as an internal and external subject matter expert for all Information Security activities
  • Responsible for communicating to global customers, partners, and vendors to independently develop a go-public plan in the event of a security incident
  • Creates improvement programs applying industry trends, technologies, and standards into G2 to meet long-term business goals

Preferred Qualifications

  • Relevant certifications (CISSP, CISM, CRISC)
  • Experience in B2B SaaS environments
  • Privacy certifications (CIPP/E, CIPM)
  • Experience implementing zero trust architectures
  • Background in application security

Benefits

  • Flexible work
  • Ample parental leave
  • Unlimited PTO
