Chief Information Security Officer
About Spring Labs:
Spring Labs is redefining how data is exchanged for the new age of data sharing, security, and consumer privacy through decentralization. Our Spring Protocol Tech Stack, which includes the use of Blockchain and Cryptography, allows institutions to share information directly among themselves to verify identities and reduce fraud - all while protecting consumer data.
Working at Spring Labs is about being part of a collaborative team, comprised of some of the most talented people in the industry. You would be welcomed into a fun, inclusive environment where we care as much about our employees as we do about our product.
Reporting to the Chief Technology Officer of Spring Labs, the Chief Information Security Officer (CISO) is responsible for (1) ensuring our product meets all security and privacy expectations, and (2) safeguarding all company information technology assets. This individual will serve as one of the senior leaders within the Technology department and will have frequent interactions with the Senior Leadership Team (SLT) and Board of Directors.
The scope of the CISO role includes the establishment of a complete vision for security practices for the enterprise and management of security policies, procedures, guidelines, and standards. This includes roadmaps for evolving the security architecture, associated toolsets, security processes, etc.
The CISO must effectively demonstrate the ability to educate and train stakeholders, and should have experience in building awareness programs and embedding a security mindset within the culture from top to bottom. The CISO will also collaborate closely with the Spring Labs COO to ensure that control requirements are accounted for across all security initiatives. As the leader of systematic security, this individual will be responsible for collaborating with Spring Labs governance, audit, and infrastructure teams to establish and regularly test business resiliency processes and procedures. This will include ensuring proper prioritization of business, technology, and operations functions; confirming the presence of proper backup and recovery mechanisms; and regularly testing business continuity processes.
What You'll Do
- Ownership of the information security compliance vision, strategy and assurance
- Evaluation and interpretation for Spring Labs of industry best practices (NIST, ISO, SANS, COBIT, CERT) and compliance requirements (legislative and regulatory - SOX, PCI, HIPAA, etc.)
- As appropriate - ownership, sponsorship, management, support and supervision of information security assessments, audits and ongoing monitoring
- Information security threat and vulnerability management, incident reporting, event management, event investigation and analysis
- Ownership of the information security project portfolio, including developing new or improved capabilities and addressing areas for needed remediation
- Overall stewardship and sponsorship for Spring Labs Enterprise IT Risk strategy
- Ownership of the portfolio of information security policies, procedures, guidelines and standards, including development, maintenance, communication and training
- Ownership of the information security architecture, including all information security (technical and process) activities across all domains of information security: access control, connectivity/communications, security management, AD security, cryptography, operations, resiliency, designs and models, event management, physical security for facilities, all data, and third-party risk management for outsourced business and technology operations
- Ownership of business operations and technology organizational resiliency assurance across organizational resiliency lifecycle functions, from planning to training and education, across all organizational resiliency domains in partnership with business leaders
- Support for technology strategic initiatives including the application and infrastructure establishment and simplification, strategic change management, merger and acquisition activity, etc.
- Ensuring effective controls are in place for management of security capabilities (e.g., access management, vendor oversight)
About You
- 7+ years of broad technology experience in application development and infrastructure services with a strong record of success in managing information security. Specific focus on resiliency / continuity planning, auditing and risk management preferred
- Deep working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and legislative, regulatory and industry compliance requirements (SOX, PCI, HIPAA, etc.)
- Must have experience managing complex information technology programs, preferably within the financial services or information security industries
- Experience managing vendor sourced solutions and consultants, ensuring vendor performance and deliverables meet specifications
- Intelligent, articulate and persuasive leader with excellent interpersonal, verbal, written communication and presentation skills
- Must possess the ability to communicate security-related concepts, the state of security and risks, as well as cost-effective program design and mechanics to a broad range of stakeholders, including a Board of Directors, senior business executives, technical and non-technical associates, customers, business partners, vendors, etc.
- Accomplished and effective change leader with prior people management responsibility. Candidates should have demonstrable evidence of their ability to implement and drive adoption of risk management programs
- Must direct members across the organization, ensuring alignment of resources across functions and the matrix organization
- Creative, innovative and thorough approach with the ability to operate autonomously
- Bachelor's degree and related field experience required, MBA or other advanced degree preferred
Perks
- Casual Work Environment
- Fully Stocked Kitchen
- Free Gym
- Weekly Office Events
- Unlimited PTO
- 401(k)
Equal Opportunity Statement:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.