Overview

AvePoint is seeking a Director of Privacy, Security and Risk to join our team.

What will you be doing?

• Responsible for a combination of day-to-day operations in addition to security strategic planning for information security measures that impact the enterprise for executive management approval
• Support the IT Security, Privacy and Risk & Compliance functions to implement consistent security safeguards and controls throughout the global organization
• Monitor and reviews regulatory updates and issues relative to pertinent security regulations which could include CCPA, GDPR, PCI, FISMA, and SOX
• Develop an understanding of AvePoint’s current and forward-looking threat profiles
• Improves and implements specific security policies, procedures, and processes relevant to the AvePoint Information Security Program
• Protect valuable information and maintains the confidentiality and integrity of data through:
• Report regularly to the Chief Risk, Privacy and Information Security Officer and Senior Leadership regarding the status of compliance to all pertinent regulations and mitigation of information security issues identified
• Support the development of communications, security awareness programs and risk analysis
• Supports, maintains and exercises the Critical Security Incident Response Plan
• Supports the development and implementation of security strategies and roadmaps, policies and standards
• Oversee and respond to IT security and other audits including but not limited to ISO 27001, 27017, SOC 2, FedRamp, TISAX and additional global and regional certifications as required by the business.
• Responsible for threat management, security monitoring, trend correlation and incident management, including security violations and exceptions
• Coordinating and conducting data privacy audits.
• Additional duties/tasks as assigned.

OK, I’m interested… is this the job for me?

We look for people who value agility, passion and teamwork; those who can bring fresh ideas to the table and want the opportunity to learn, grow, and expand their careers. Bring your aptitude and build upon what you do best for our customers, partners, team, and you.

Other qualities you’ll need to be a fit for this role include:

• Bachelor’s degree in Business, Computer Science or related field. Master’s degree strongly preferred
• Certified Information Privacy Professional (CIPP)
• Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA), preferred. May substitute an equivalent combination of education and significant experience
• 7+ years of experience leading security planning and response, in technology sector preferred
• Experience with a wide range of security technologies including Splunk, Proofpoint, and DLP systems
• Detailed knowledge of and experience implementing applicable industry rules (including GDPR, CCPA, and HIPAA)
• Expertise in Information Security best practices and implementing Information Security Frameworks
• Experience in working with audit and certification programs (including ISO 27001, SOC 2, NIST, etc..)
• Demonstrated experience in developing and implementing Policies, procedures, controls and metrics related to security and privacy programs
• Subject matter expert in application security, vulnerability testing and development of a risk appetite
• Risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Demonstrated ability to effectively collaborate within and across teams
• Expertise in security architecture, frameworks, and cyber technology
• Experience developing and managing in a culture of responsive customer-oriented services and internal accountability

About AvePoint

Check out our careers blog for content on our people, culture, and workplace!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.