Head of Global Security, Risk and Compliance

We are seeking an experienced Head of Security Engineering to join our growing SaaS company. Reporting to the CTO, you will be responsible for defining, executing and overseeing a holistic security strategy to safeguard our organization’s digital assets, protect customer data, and maintain trust in our brand. You will lead a team of security professionals and drive collaboration with engineering, product, and cross-functional stakeholders to integrate security across all aspects of our operations, aligning with business objectives and industry standards.

What your day could consist of:

• Define and lead product security initiatives in close connection to the needs of partners, customers, the market and overall company objectives.
• Lead a team of security professionals, including hiring, training, and performance management.
• Lead incident response efforts operating as the incident commander, coordinating with relevant stakeholders to resolve security incidents while communicating effectively throughout.
• Lead the IT team.
• Manage Third Party (e.g., vendor) Risk Assessment Program with IT.
• Manage stakeholder (customer, partner) security questionnaires and assessment processes. Interface with customer management as necessary.
• Manage threat and vulnerability management.
• Ensure an effective SSDLC is in place for engineering.
• Implement security controls and processes to protect the company's data and systems from external threats.
• Own the SOC2 audit, and lead work to implement ISO27001 certification.
• Conduct risk assessments and implement appropriate controls to mitigate identified risks.
• Stay up to date with the latest security technologies and best practices.
• Develop and maintain security policies, standards, and procedures.
• Develop and lead comprehensive security training programs across the organization to ensure all employees understand and adhere to security best practices, fostering a culture of proactive risk awareness and protection.
• Guide security engineering on InfoSec/AppSec standards, auditing, and penetration testing.
• Manage analysis of fraud vulnerabilities, control weaknesses, and gaps to mitigate and remediate significant issues, trends, and loss events.

What is needed:

• Bachelor's degree in computer science, information technology, or a related field.
• 10+ years of experience in information security, with at least 5 years in a senior leadership role.
• Expert in security technologies and best practices.
• Experience with security risk assessment and management.
• Experience with incident response and forensics.
• Experience with security in the cloud (e.g., AWS) is required.
• CISSP, CISM, CISA or other relevant security certification is a plus.
• Excellent communication and leadership skills.
• Experience building Internal Audit functions for SOC 2, ISO 27001, and PCI-DSS.
• Excellent understanding of vulnerability management and associated tools and solutions.
• Machine Learning Models understanding is a plus.
• Seeking candidates in Chicago or Indianapolis.
• Prior penetration testing experience is a plus.