Director of Information Security

Summary

Join Redpanda as their Director of Information Security and lead the security, privacy, governance, compliance, and risk management functions. Partner with various teams to design and implement robust security and risk mitigation strategies, ensuring compliance with industry regulations. Serve as a key advisor to the executive team on security and compliance matters and cultivate a security-focused culture. Lead a high-performing team of compliance and security professionals, defining the forward-looking information security strategy. Manage security operations, including vulnerability remediation, security monitoring, and incident response. Maintain SOC2 compliance and support future compliance initiatives. This role requires strong leadership, technical expertise, and collaboration skills.

Requirements

• 10+ years of experience in security, privacy and/or compliance roles supporting software development, ideally in an enterprise SaaS context
• 7+ years of experience in leading security, privacy and/or compliance teams
• Deep knowledge of - and proven ability to implement and manage - security, privacy and risk management compliance programs
• Expertise with cybersecurity, risk assessment, vulnerability assessment tools and best practices
• Knowledge of security, compliance and regulatory frameworks
• Ability to roll up your sleeves to tackle projects individually while leading a team
• Demonstrated ability to deliver results collaboratively through establishing shared strategic vision
• Eagerness to thrive in a fast growing, dynamic environment and comfortable working remotely with a 100% distributed team
• Strong verbal and written communication skills and demonstrated technical competency, with adaptability to address audiences from diverse teams and roles (individual contributors to executives)
• An ability to empathize with your fellow employees, designing and negotiating policies and procedures that enable needed business outcomes while minimizing friction and overhead

Responsibilities

• Lead a team of high-performing compliance and security professionals and provide career guidance
• Define our forward-looking information security strategy to support business goals and mitigate risks. Drive maturation of our compliance and security processes and practices
• Provide guidance to leadership on security and compliance priorities for the company and communicate status to stakeholders
• Partner with internal business function leaders (e.g., IT, Legal, Engineering, Vendor Procurement, HR, etc.) to deliver successful, business-enabling security, privacy and risk management practices
• Ensure secure software development practices by defining standards, developing automation and providing tooling
• Manage security operations including identification and remediation of vulnerabilities and security monitoring, and response to security incidents
• Coordinate consistent, accurate and efficient responses to prospective and existing customer security questionnaires
• Develop, update, and/or maintain standard operating procedures, including any associated KPIs and reporting
• Maintain SOC2 compliance and design/facilitate future compliance initiatives supporting business objectives
• Maintain and administer compliance tooling, evidence and associated documentation
• Coordinate internal and third party compliance audits for security and privacy, liaising between third party auditors and internal staff
• Maintain subject matter expertise of applicable privacy laws and regulations and align corporate practices as required
• Provide functional expertise to support the organization's risk identification, assessment and treatment processes. Orchestrate regular review of the corporate risk matrix
• Coordinate, assess and improve regular testing of business continuity/disaster recovery practices
• Provide training on security and compliance across the organization

Preferred Qualifications

• Experience with data infrastructure systems, esp. real-time systems
• Experience with security and privacy in a Cloud environment (AWS, GCP, Azure)
• Relevant certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)

Benefits

• U.S. base salary range for this role is $255,500 - $300,000 (CA, NY, WA) and $244,500 - $287,000 (other US locations). Our salary ranges are determined by role, level, and location. As a remote-first company, we strive to consider each candidate's job-related skills, location, experience, relevant education or training to determine individual base salary. Your talent partner will share more about the specific salary range for your preferred location during the hiring process
• 100% remote organization with team members around the globe