Head of Privacy and Information Security

Athennian

πŸ“Remote - Worldwide

Job highlights

Summary

Join Athennian as we seek a Head of Privacy and Information Security to shape our privacy-first principles and data security posture.

Requirements

  • 7+ years in information security, data protection, and privacy roles
  • Proficiency in cloud technologies (e.g., AWS) and experience securing hybrid environments (on-premises and cloud)
  • Hands-on experience managing security solutions such as SIEM, EDR, firewalls, IPS/IDS, and encryption
  • In-depth knowledge of data protection regulations and standards (GDPR, SOC2, ISO 27001, NIST 800-171)
  • Industry-recognized certifications (CISSP, CIPP, CISA, Certified Ethical Hacker, CompTIA Security+) are preferred
  • Proven experience in incident response, management, and root cause analysis
  • Ability to conduct privacy and security risk assessments and analyze network traffic, system alerts, and data logs for trends
  • Excellent ability to convey complex privacy and security concepts to technical and non-technical audiences
  • Ability to work independently, prioritize tasks effectively, and manage multiple projects concurrently

Responsibilities

  • Oversee the end-to-end process of responding to security-related RFPs, RFIs, and questionnaires
  • Develop and implement an organization-wide privacy and information security strategy that aligns with regulatory requirements and best practices
  • Ensure compliance with industry regulations (e.g., GDPR, SOC2, ISO 27001) by establishing and maintaining robust data protection policies and information security standards
  • Conduct and document security and data privacy risk assessments and compliance reviews, and communicate risk mitigation strategies to senior leadership, engineering, and relevant stakeholders
  • Monitor both on-prem and cloud infrastructure for vulnerabilities, assess risk factors, and implement solutions to improve security and data protection
  • Partner with product and engineering teams to embed privacy and data protection principles in the product lifecycle, from initial design to deployment
  • Lead employee security and privacy training initiatives focused on email threats, data handling, and best practices in protecting sensitive information
  • Manage incident response for security and data privacy breaches, conduct root cause analyses, and oversee remediation efforts
  • Coordinate with third parties on security and privacy audits, assessments, and remediation efforts (e.g., penetration testing, bug bounty programs)
  • Oversee development of information security and privacy policies, conduct regular access management reviews, and implement technical controls for data protection
  • Conduct and review Privacy Impact Assessments (PIAs) to evaluate privacy risks associated with new projects, technologies, and data processing activities
  • Gather, document, and report security and privacy metrics, analyzing trends to guide continuous improvement

Benefits

  • Generous vacation/sick/flex days
  • Remote work options
  • Flexible working hours
  • Health/dental/vision/group life/gRRSP/LTD/AD&D/EFAP benefits
  • High growth environment
  • Team-building
  • Day-to-day variety (never a dull moment)
  • MacBook for all employees
  • Stock options
