Who is Accela:
Accela is an industry-leading cloud/web/mobile based software company that was recently honored with the ‘Great Place to Work’ certification and is one of the leading GovTech 100 companies.
For more than 15 years, Accela has been the industry leader in designing and delivering productivity and engagement software solutions to help government agencies be their best. Accela provides a cloud-based SaaS platform suite of products that help local, state, and federal government and civic agencies serve local communities more efficiently and effectively.
Accela’s software drives efficiency for over 2,200 governments and is accessible to more than 160 million citizens worldwide. More than 80% of America’s 50 largest cities such as New York, San Diego, San Francisco, Miami, and Denver have implemented at least one of Accela’s many solutions.
Accela offers employees a culture that emphasizes performance, productivity and collaboration. You can’t help but feel empowered, engaged and motivated when you work with like-minded individuals who are driven and passionate about contributing to a market-leading, high-growth software organization with proven technology.
While we are busy changing the world, we also strongly believe in having fun and excitement at work, and encourage a collaborative and healthy work-life balance.
If you are motivated by the idea of delivering on the promise of democracy in the digital age and solving for a new era of more efficient, open and innovative governance, then we’d love to hear from you.
Where you fit:
Accela is looking for a highly motivated, passionate, and self-driven Security Director to join our Cloud Ops unit in San Ramon, CA.
Impact you will make in the role:
- Enhance the security mindset across all departments.
- Lead the organization’s existing and prospective Information Security, Compliance and Privacy programs in accordance with industry standards and requirements, which includes, but is not limited to, ISO 27001, SOC 1 & 2, FISMA, PCI-DSS, HIPAA, FedRAMP and others
- Establishes the cyber-security risk management program, policies, standards, and procedures
- Design and conduct security risk assessments and develop a reporting framework to measure continuous improvement
- Evaluate and report to management on the security posture of internal and possible M&A targets
- Communicate the cyber-security risks to management through reports, presentations, metrics and other documentation
- Track, monitor, audit and report on anomalies and/or breaches of security and report to management on potential impact
- Coordinate and conduct external assessment & penetration testing exercises
- Consult with vendors to define remediation requirements found from assessments
- Validate vulnerabilities have been correctly mitigated or remediated
- Determine the relevance and risk of emerging threats across our environment
- Contribute to enterprise IT Risk and Control awareness efforts
- Stay abreast of current and emerging information risks including compliance requirements. Educate team and key stakeholders.
Problem Solving:
- Identify potential areas of vulnerability and risk. Objectively assess impact, likelihood, velocity, and magnitude of identified risks.
- Facilitate the formulation of corrective action plans for resolution of problematic issues
- Mediate differing perspectives on risks between a variety of stakeholders driving objectivity and building consensus
- Rapidly analyze complex technical details and synthesize detailed analysis into a “big picture” view that can be easily understood by non-technical stakeholders to support risk-based decision-making for management
- Gather, analyze, and report status and metrics on risks, controls and issues including coverage metrics, KRIs and KPIs
Decision Making:
- Determines when exceptions, exemptions, and invocation of the risk adjudication process are merited
- Determines and approves risk treatment decisions
- Determines ranges of controls when risk mitigation is desired
- Determines methods, instrumentation, training, documentation, and processes
- Develops solutions for automating and streamlining InfoSec risk management practices
Working Relationships:
- Communicates regularly with I.T. management and security staffs across all Post business units.
- Regularly develop and present findings and assessments to senior I.T. and business management.
- Communicates regularly with cross-functional peers, including Compliance, Internal Audit, IT Procurement, Legal and business unit leadership.
- Interacts occasionally with industry peers, standards organizations, solution providers, etc.
Expertise you will bring in:
- Experience in Information Security and Risk Management
- Experience with and deep understanding of industry-based information security and/or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.).
- Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA)
- Able to communicate technical issues to non-technical people
- BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
- 5+ years’ experience working in Information Security
- 7+ years’ experience working in I.T.
Benefits and Perks:
Beyond a stellar work environment, great people and inspiring, innovative work, we have some great benefits and perks:
- Competitive salaries
- 401(k) match to all employees
- Medical, dental and vision coverage for you and your family, along with other wellness and disability plans
- 11 paid holidays; competitive and flexible paid time off policy
- Catered lunches, fully stocked kitchens, walking trails and nearby access to restaurants, food trucks and farmers markets in some of our locations
Accela is an Affirmative Action/Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability, gender identity, and sexual orientation.