Head of Privacy and Information Security

Summary

Join Athennian as we seek a Head of Privacy and Information Security to shape our privacy-first principles and data security posture.

Requirements

• 7+ years in information security, data protection, and privacy roles
• Proficiency in cloud technologies (e.g., AWS) and experience securing hybrid environments (on-premises and cloud)
• Hands-on experience managing security solutions such as SIEM, EDR, firewalls, IPS/IDS, and encryption
• In-depth knowledge of data protection regulations and standards (GDPR, SOC2, ISO 27001, NIST 800-171)
• Industry-recognized certifications (CISSP, CIPP, CISA, Certified Ethical Hacker, CompTIA Security+) are preferred
• Proven experience in incident response, management, and root cause analysis
• Ability to conduct privacy and security risk assessments and analyze network traffic, system alerts, and data logs for trends
• Excellent ability to convey complex privacy and security concepts to technical and non-technical audiences
• Ability to work independently, prioritize tasks effectively, and manage multiple projects concurrently

Responsibilities

• Oversee the end-to-end process of responding to security-related RFPs, RFIs, and questionnaires
• Develop and implement an organization-wide privacy and information security strategy that aligns with regulatory requirements and best practices
• Ensure compliance with industry regulations (e.g., GDPR, SOC2, ISO 27001) by establishing and maintaining robust data protection policies and information security standards
• Conduct and document security and data privacy risk assessments, compliance reviews, and communicate risk mitigation strategies to senior leadership, engineering, and relevant stakeholders
• Monitor both on-prem and cloud infrastructure for vulnerabilities, assess risk factors, and implement solutions to improve security and data protection
• Partner with product and engineering teams to embed privacy and data protection principles in the product lifecycle, from initial design to deployment
• Lead employee security and privacy training initiatives focused on email threats, data handling, and best practices in protecting sensitive information
• Manage incident response for security and data privacy breaches, conduct root cause analyses, and oversee remediation efforts
• Coordinate with third parties on security and privacy audits, assessments, and remediation efforts (e.g., penetration testing, bug bounty programs)
• Oversee development of information security and privacy policies, conduct regular access management reviews, and implement technical controls for data protection
• Conduct and review Privacy Impact Assessments (PIAs) to evaluate privacy risks associated with new projects, technologies, and data processing activities
• Gather, document, and report security and privacy metrics, analyzing trends to guide continuous improvement

Benefits

• Generous vacation/sick/flex days
• Remote work options
• Flexible working hours
• Health/dental/vision/group life/gRRSP/LTD/AD&D/EFAP benefits
• High growth environment
• Team-building
• Day-to-day variety (never a dull moment)
• MacBook for all employees
• Stock options