Director of Information Security at OwnBackup
Data loss can be devastating. Whether it’s caused by human error, bad code, rogue integrations, or malicious intent, all companies are at risk. OwnBackup is the #1 data backup, archiving, and sandbox seeding app on the Salesforce AppExchange. With over 3,000 customers, we are ranked #25 on Financial Times’ list of America’s fastest growing companies, and have raised $267.5 million in funding from Salesforce Ventures and others.
OwnBackup is seeking a talented and passionate Director of Information Security to join our rapidly growing company. As part of the Chief Information Security Officer (CISO) organization, this role will advance our focus on continuing the development of the internal (non-product) security program.
The Director of Information Security provides leadership across multiple security domains, including risk analysis, security solution architecture, cyber threat intelligence, vendor management, business continuity, and incident response. They drive process refinement and implementation, project management, cross-team/discipline collaboration, and maintenance of internal and external stakeholder relationships. They also ensure the performance of all duties in accordance with the company’s policies and procedures, collaborating closely with the Risk & Compliance team on efforts to ensure ongoing compliance with ISO 27001, SOC 2, and other applicable requirements.
This individual will be a key contributor in leveraging the current security technologies and enhancing related policies and procedures, with the goal of reducing internal (non-product) security risk. This is a dynamic role that will require technical work with a strong emphasis on implementation of processes and procedures across a wide spectrum of security domains. The right individual is an ambitious self-starter who is able to take initiative and will be asked to wear many hats, collaborating across many departments.
Your Day-to-Day Role
- Work with OwnBackup leadership in defining strategy and roadmap
- Collaborate with CISO and Risk & Compliance team for internal business systems/process aspects of SOC2 and ISO compliance
- Collaboration with internal teams to build consistent and efficient processes related to security & compliance for non-product related activities
- Assists CISO in the creation and dissemination of company policies and procedures
- Assists in the development of risk reduction strategy through the implementation of technical and non-technical controls
- Collaborate with various teams to remediate critical/high-security risks
- Manage Phishing program for all of Company including education and testing
- Manages training requirements for security and compliance
- Contribute content to general security awareness training as well as role-based training
- Responding to all security-related alerts from email, end-point, and infrastructure
- Lead the security reviews for vendor risk management
- Physical security system design and oversight of Company managed facilities
- Management and trusted security consultant for internal IT systems/devices
- Collaborates with IT to ensure business systems, laptops, Wi-Fi, and other infrastructure are maintained in a secure state; creates and applies applicable policies and metrics
- Partner with IT and other business units for the secure deployment of new business (non-product) systems and services
- Partner with the People Team and other internal departments to ensure the security of employee and other sensitive internal information
- Manage BitSight scoring system and collaborate with internal teams to address any findings
- Engage with and monitor dark web services for the ongoing protection of OB assets.
- Manage and monitor company business related DLP services
- Maintain a current understanding of the IT threat landscape for the industry
- Participates in business continuity planning for non-product services
- Partner closely with the Risk & Compliance team to assist with ongoing efforts where needed or applicable to the role
- Bachelor's degree in related field or equivalent experience required
- 8+ years of technical security experience working within an organization
- Excellent strategic and critical thinking, planning, collaboration, and problem-solving skills
- Extensive knowledge of common information security management frameworks, such as NIST Cybersecurity Framework, SOC 2, ISO 27001
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials
- Ability to facilitate a climate of cohesiveness, cooperation, and teamwork
- Experience in partnering with internal teams on the secure design and integration of cloud-based applications
- Exhibit leadership skills required to manage resources as well as project deliverables
- Self-directed professional with a strong work ethic and excellent organizational skills
- Demonstrated troubleshooting approach and skills
- Strong oral and written skills both technical and non-technical
- Ability to work in a fast-paced, team environment with the ability to adapt to new, different, or changing situations
This is a full-time position. The ideal candidate will work out of our New Jersey office to maximize interaction with business.
Here at OwnBackup, culture is as important as results, and a key part of our culture is our differences. As we scale to help all types of companies protect precious data, our team must reflect the diversity we serve. OwnBackup is an Equal Opportunity Employer and we believe that every employee in the company brings a unique perspective that they can and should contribute in order to make an impact every day. We strive to be one team, one culture, and one family that builds trust through transparency. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, protected veteran status or disability status. OwnBackup will consider qualified applicants with criminal histories in a manner consistent with applicable law.
A Bit About Us
Have a look at our market opportunity and read through the AppExchange reviews to get to know OwnBackup a little better. Founded in 2015, OwnBackup is backed by top-tier venture capital firms and Salesforce Ventures. The company has experienced 100% y/y growth, establishing early market dominance in a big addressable market. To put it in perspective, OwnBackup has 2k customers, and nearly all of Salesforce's 150k customers are a potential fit to use our products. Given the company’s vision to be the leading Cloud Data Protection Platform, there are also plans to expand into other SaaS ecosystems in the coming year.