Head of IT Security

Beekeeper

πŸ“Remote - Germany

Job highlights

Summary

Join Beekeeper, a company prioritizing security and privacy, as their experienced Head of Information Security. Reporting to the General Counsel and managing an Information Security Officer, you will oversee and enhance security efforts. Responsibilities include developing a strategic security vision, managing security controls, representing InfoSec externally, establishing a risk management framework, ensuring industry standard compliance, managing incidents, fostering a security culture, and managing vendor security. This role requires a university degree, 5+ years of information security experience, team management skills, excellent communication, and relevant certifications. The position offers a competitive salary, various reimbursements, a personal learning budget, a sabbatical program, generous paid time off, mental health days, and stock options.

Requirements

  • University degree in a relevant field
  • 5+ years of information security experience with demonstrated knowledge of information security management and governance, risk assessment and management, and audit
  • Experience managing a team
  • Excellent verbal and written communication skills in English
  • Ability to present complex technical issues in a succinct and easily understandable way to a variety of internal and external audiences, including senior management
  • Strong people management skills, especially in a matrix environment managing cross-functional teams and programs
  • Outstanding organizational and planning skills, ability to cope with high volumes of work and tight deadlines
  • Ability to switch between strategic thinking and practical implementation, not afraid to roll up sleeves and get stuck in, whilst also keeping the strategic perspective at all times
  • Practical experience with common information security management frameworks, in particular ISO 27001
  • Industry-recognised information security certifications (e.g. Certified Information Security Professional/CISSP, Certified Information Security Manager/CISM, Certified Information Security Auditor/CISA)
  • In-depth knowledge of current and emerging data protection regulations in our core markets (GDPR, CCPA, HIPAA, Swiss Federal Act on Data Protection, etc.)
  • Flexibility to travel

Responsibilities

  • Develop a strategic vision for the company security program, demonstrating how it will support Beekeeper in achieving its overall strategic objectives
  • Create an annual security plan to track progress and address priorities effectively, always keeping in mind emerging trends and the current threat landscape
  • Manage, maintain and document the security controls and processes, and implement appropriate Key Performance Indicators (KPIs) to measure and report their effectiveness
  • Areas of focus will include secure software development, identity and access management, vulnerability management, logging and monitoring, and incident response
  • Effectively present and articulate our security practices, certifications, and compliance measures during sales processes, customer meetings, and external engagements to build trust and confidence
  • Establish and implement a comprehensive Enterprise Risk Management framework and further develop our risk inventory
  • Design and implement a framework that ensures appropriate decision rights, balancing the sometimes diverging expectations of the stakeholders, including prospects, customers, regulators, auditors and senior management
  • Prepare and maintain relevant certifications and organizational readiness, as well as managing external relationships with the relevant regulator and accreditation organizations
  • Help build organizational resilience through robust business continuity/disaster recovery planning and management
  • Keep up to date with current and impending industry security standards and certifications
  • Establish and refine security and privacy incident detection, response, and reporting processes to minimize impact and resolution time
  • Lead and project manage various security, privacy, and other GRC initiatives alongside colleagues from multiple departments
  • Cultivate an environment where decision-makers and stakeholders understand and care about information security and consider security implications in their decision-making, and where every individual understands their role and responsibilities in relation to security
  • Strengthen and standardize security assessments and privacy requirements for our vendors and third-party providers

Preferred Qualifications

Working experience in a technology or SaaS company

Benefits

  • Competitive salary
  • Phone & Home Internet costs reimbursement up to 80 EUR/month
  • Home office set-up reimbursement up to 300 EUR
  • Personal Learning & Development Budget of 1500 USD/year
  • Sabbatical Program – 1 month paid leave at 3, 5, 10 year tenure
  • 30 days of annual leave/year
  • 2 Mental Health days off per year
  • Beekeeper Stock options
