Information Security Director
Chief Information Security Officer
About Us
They say "sitting is the new smoking". We're here to get more people moving...
Gympass is a discovery platform that empowers companies to engage their workforce in physical activity by providing access to the largest global network of workout facilities. With a single monthly membership, companies can help employees find an activity they'll love among more than 600 activities across the U.S., Europe, and Latin America. Our goal is to multiply the number of people exercising at every company to create a healthier and more engaged workforce.
Founded in 2012 and headquartered in New York, we have a growing team in 30 offices around the world. Our mission is simple yet ambitious: defeat inactivity, and we know the only way to get there is together, partnering with companies, gyms and having the best talent.
The chief information security officer (CISO) is an executive role that oversees the protection of company and customer data, as well as the protection and maintenance of infrastructure and assets from malicious actors.
This role requires not only implementing security safeguards but also training and educating employees. With the majority of cyber security incidents being the result of employee error, it's important that a CISO is looking both internally and externally for potential threats.
What You'll Do...
The CISO’s responsibilities range from hiring IT personnel to providing the leadership and policy direction required to protect the company from emerging threats and maintain the IT internal infrastructure. This role also directly manages IT team leaders to ensure they are prioritising the right aspects of a strategy at the right time.
The role will involve implementing company-wide corporate security policies, standards and procedures and making sure staff across the board comply on a day-to-day basis. This includes conversing regularly with senior management and employees to make sure all IT security policies are deployed, revised, sustained and overseen effectively.
Creating a process for on-going IT infrastructure audits and assessments for security risks. You will be expected to continuously assess vulnerabilities and find fixes before an incident occurs. Responsible for IT infrastructure (internal tools and governance).
You will develop policies around security incidents and create an Emergency Response Team to act as and when a security breach is looming or has happened. Moreover, you will oversee the development of a disaster recovery plan to allow for business continuity post-cyber-attack.
Security operations: Real-time analysis of immediate threats, and triage when something goes wrong
Cyber-risk and cyber intelligence: Keeping abreast of developing security threats, and helping the board understand potential security problems that might arise from acquisitions or other big business moves
Data loss and fraud prevention: Making sure internal staff doesn't misuse or steal data
Security architecture: Planning, buying, and rolling out security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind
Identity and access management: Ensuring that only authorized people have access to restricted data and systems
Program management: Keeping ahead of security needs by implementing programs or projects that mitigate risks — regular system patches, for instance
Investigations and forensics: Determining what went wrong in a breach, dealing with those responsible if they're internal, and planning to avoid repeats of the same crisis
Governance: Making sure all of the above initiatives run smoothly and get the funding they need — and that corporate leadership understands their importance
Leverage global tools and techniques to consistently capture, model and analyze security architecture options.
Security Solutions: Work with Product Team to support the deployment of cybersecurity solutions in alignment with business needs, architectural principles, security protection requirements, and required functionality throughout the systems development life cycle.
Facilitate meetings with business members and participate in projects relating to changes in security architecture and solutions.
Advise on cyber field and security solution requirements and considerations in alignment with emerging needs of the business.
A solid technical foundation;
An understanding of emerging technology and digital trends and their impacts on cybersecurity;
Solid ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means;
Expected to have a bachelor's degree in computer science or a related field and 7-12 years of work experience (including at least five in a management role);
Technical master's degrees with a security focus;
Should also understand some security-centric tech, like DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies;
Coding practices, ethical hacking and threat modeling;
Firewall and intrusion detection/prevention protocols.
Expected to be leading some regulatory compliance, PCI, NIST, GDPR and SOX compliance assessments as well;
At least one of the following certifications is required: CISM, CISSP or CCISO.
Stay current on industry leading practices and technologies.
We're a wellness company that is committed to the health and welfare of our employees. Our benefits include:
- Employee Health Insurance covered 100%
- Company subsidized Gympass on us, workout anywhere anytime for the cost of one lunch.
- Competitive PTO that starts on Day 1 and a floating holiday to be used for religious reasons
- Outstanding opportunities for personal growth and career development
- An exciting and supportive atmosphere with intelligent (hey, at least we think so) and ambitious people from around the world!
Gympass is an Equal Opportunity Employer. Gympass does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.