Director of Security (Remote, US-based)

Overview

Liquibase is the leader in Database DevOps. Downloaded more than 100 million times, our software enables DevOps teams around the globe to accelerate the software delivery process by automating database updates, security, and governance. We are a nimble, fast-paced, innovative team with the opportunity to make an outsized impact on the business and the industry.

Liquibase is hiring a highly skilled and experienced Director of Security to lead our security initiatives across both our SaaS and on-premise software business lines. You will report to the VP of Engineering and will be instrumental in developing and implementing comprehensive security strategies that align with our business objectives while ensuring compliance with relevant regulations and standards. The Director of Security will also oversee our Governance, Risk Management, and Compliance (GRC) programs, promoting a security-first culture within the organization.

Key Responsibilities:

Security Strategy & Policy Development:

• Lead the development, implementation & enforcement of a comprehensive security strategy that addresses the unique needs of both SaaS and on-premise software environments.
• Develop, implement, and manage cybersecurity policies and procedures to ensure the confidentiality, integrity, and availability of information assets.
• Collaborate with executive leadership to align security initiatives with business goals and objectives.

Security Architecture and Operations:

• Design and implement security architecture including building new systems, tools, or processes that protect the integrity, confidentiality, and availability of data across all platforms.
• Lead security operations function in multi-cloud environments, including AWS, Azure, GCP and others
• Manage security operations, including monitoring, incident response, and threat intelligence.
• Partner with the engineering teams to perform design and architecture reviews, including threat modeling and assessments, code reviews, Security/Vulnerability/Penetration Testing etc

Governance, Risk Management, and Compliance (GRC):

• Establish and oversee the GRC framework to ensure compliance with industry standards (e.g., ISO 27001, SOC 2, GDPR, HIPAA) and regulatory requirements.
• Develop and enforce data protection policies to ensure compliance with data privacy regulations such as GDPR, CCPA, etc
• Develop and implement risk assessment processes to identify, evaluate, and mitigate security risks across the organization.

Stakeholder Engagement:

• Collaborate with cross-functional teams, including IT, Product, CS , Sales and Legal, to ensure security is integrated into all aspects of the business.
• Act as the primary point of contact for security-related inquiries from customers, prospects, partners, and regulatory bodies.

Team Mentorship and Development:

• Develop and lead a high-performing security adjacent team, fostering a culture of continuous improvement and professional development.
• Provide mentorship and guidance to team members, promoting knowledge sharing and best practices.

Security Training and Awareness:

• Develop and implement security training and awareness programs for employees to foster and promote a security-conscious culture.
• Stay current with industry trends and emerging threats, ensuring the organization is proactive in its security posture.

Must Haves:

• Bachelor's or Master's degree in Computer Science, Information Technology, or related STEM field
• 8+ years proven experience in information security management, with a focus on SaaS and traditional software environments.
• Strong knowledge of GRC frameworks and regulatory compliance requirements.
• In-depth understanding of control testing program development, risk assessment methodologies, and related frameworks
• Experience with security architecture, risk management, threat detection and incident response.
• Strong understanding and hands on experience with Cloud architecture and services
• Strong understanding of security tools
• Comprehensive understanding of vulnerability management
• Understanding of Identity and access management
• 3+ years Managing third party risk and Certification audits
• Ability to lead crisis management
• Proven ability to reduce Companies Risk Posture and manage global risk
• Excellent leadership and team management skills, with a demonstrated ability to influence at all levels of the organization
• Strong communication skills, both verbal and written, with the ability to convey complex security concepts to non-technical stakeholders, as well as customer communications

Nice to Haves:

• Relevant security certifications (e.g., CISSP, CISM, CISA) are highly desirable

Perks of life at Liquibase:

• Remote culture, potential for company-wide in-person gatherings
• Home office allowance for remote workers
• Meaningful equity (US only)
• Comprehensive health, vision, and dental benefits - country dependent
• Generous paid time off and paid holidays
• 401K matching (US only)
• No punks, no jerks culture
• Growth opportunities and ability to move up within the company

We take pride in:

• A transparent and collaborative team environment. We value multiple perspectives and fresh thinking.
• Our entrepreneurial culture. We provide every employee the opportunity to make a meaningful impact.
• Providing the opportunity to work with new technologies and learn from experienced professionals.
• How organizations, large and small, use DevOps to drive developer agility and accelerate software delivery.

Company Overview - We are Liquibase

A career at Liquibase means joining a quickly growing company on the front lines of the DevOps space. Our vision is to be the easiest, safest, and most powerful community-led database change management solution. As companies of all sizes continue to adopt an agile methodology and DevOps practices, there is a growing realization that the database needs to be considered as part of this innovation process.

At Liquibase, we foster a culture rooted in the open-source values of freedom, choice, transparency, and meritocracy. These are not just fashion labels here, but sincere convictions, and you’ll see that reflected in the way we operate daily. We’re caffeinated, collaborative & confident experts, eager to solve the most challenging database CI/CD problems for our customers.

Want to help the software world move faster? You’ve found the right place.

Eligible candidates may be subject to criminal history checks, which will be conducted and used in accordance with applicable local, state, and federal laws