We’re looking for a Head of Security to lead Snyk’s Infosec team. The Head of Information Security will be key to ensuring the company is fully compliant and protected from all security vulnerabilities, reporting to the CISO and working closely with the CTO, Board members, and wider engineering teams. You will assess the current security posture and come up with solutions/policies to improve the business.
You’ll spend your time:
- developing and executing an enterprise-wide security strategy and roadmap that mitigates risk through the right balance of security measures and operational flexibility.
- establishing policies, procedures, standards and guidelines that enable Snyk’s security strategy.
- identifying security vulnerabilities and risks associated with Snyk’s operations, including partnering with business units to build threat assessment into the product design and development processes.
- coordinating the performance of internal and external network and systems vulnerability assessments, penetration tests and auditing.
- overseeing the evaluation, selection and implementation of information security technology and tools both for our products and for internal use.
- providing guidance to the product and R&D teams for product development.
- participating in the development and monitoring of business continuity and disaster recovery planning.
- rolling out training, awareness campaigns, and tests/simulations to measure their effectiveness, on all aspects of InfoSec.
- acting as incident manager for incidents, and being the point of escalation.
- being responsible for RFP security-related questions, and general pre-sales/post-sales security questions that arise.
- developing and maintaining a program that informs business unit and functional group leadership of the top security risks and overall security health of their organizations.
- supporting the marketing and sales organizations for security presentation development, pre-sales support, meetings with Snyk customers, customer contracts review, RFP response, and customer audit facilitation.
- developing, communicating and ensuring compliance with organizational security policies and standards, including ISO27001, SOC2 Type II and other certifications.
- working with the legal department on security aspects of global commercial contracts.
- assisting with legal and regulatory requirements concerning security processes and requirements.
- auditing vendor compliance with security requirements as needed.
We are distributed across four offices in London, Tel Aviv, Boston and Ottawa, with 10% of the company working fully remote. We’ve made an organizational commitment to building a strong, effective, distributed company: we form teams across multiple offices wherever possible, and we invest in communication so that we can benefit from each other’s perspectives. As well as an always-on webcam so we can see what’s happening in each office, we make heavy use of video calls, Slack, and some inter-office travel.
You should apply if you:
- Have spent 5+ years managing technical security teams in a senior leadership capacity.
- Have managed threat modeling, risk calculation and assessment.
- Have managed an InfoSec team, or a Security Operations Center for a public-facing service.
- Are experienced in managing IT and security related audits and assessments.
- Are a persuasive communicator in writing and in person.
Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)
Snyk’s mission is to help developers use open source code and stay secure.
The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users.
We are experiencing rapid growth - and we want you to join us! By the end of Q3 2019 alone, Snyk had already been adopted by over 450,000 developers, including multiple enterprise customers (such as Google, New Relic, ASOS and others). We also raised an additional $70 million, announced September 10, 2019, from investors such as Accel, GV and Boldstart, demonstrating that they are as excited as we are by Snyk’s progress and potential.
We believe open source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure.