Weave is the all-in-one customer communication and engagement platform for small business. The first Utah company to join Y Combinator, Weave has set the bar for Utah startup achievement & work culture. In the past year, Weave has been included in the Forbes Cloud 100, Inc. 5000 fastest-growing companies in America, and Glassdoor Best Places to Work.
At the core of Weave's growth are our people. We are passionate about providing an amazing workplace for accomplished people who demonstrate our core values: Stay Hungry, Care More, Think Creatively, Do the Right Thing, and the Customer is Everything. Don't believe us? Check out why our employees, their families, and our 20,000+ customers love Weave visit our website or head to our Instagram page @workatweave to see what our employees are up to.
What You Will Love About Us
- Competitive Medical, Dental, & Vision Insurance plans
- HSA that includes company contributions
- Flexible PTO and work schedules
- 401k with company match
- Employee stock purchase plan
- Mental health benefits for the whole family
- Maternity & paternity leave + new baby bonuses
- Brand new building with an onsite gym + salon
- Anniversary gifts
- Company holiday and summer events
Weave is looking for a talented, passionate, and experienced Head of Security to lead Weave’s security program. A successful candidate will oversee and lead the development, implementation, and maintenance of Weave’s information security policies, controls, processes, tools, team members, and capabilities. This key team member will be aligned within the organization in such a way to allow them to be successful in influencing security best practices throughout Weave, and will report directly to Weave’s Chief Technical Officer.
This team member will work closely with every member of Weave’s executive and extended leadership team members and will be responsible for leading the continuous improvement of all aspects of security throughout Weave, including Weave’s products and internal operations. The candidate must have an eye for identifying key security risks, assessing and ranking those risks, and using commercially reasonable means to mitigate those risks within reasonable timeframes.
This leader will be a collaborative team player who works well with others to build consensus around security direction, tactical plans, and initiatives, will also naturally earn the trust of team members in order to drive a culture of security, and will also support the achievement of Weave’s business goals while embracing and emboldening Weave’s core values and company culture.
You will own:
- Execute Weave’s security vision and strategy, achieving objectives that mitigate or reduce security risks and diffuse threats against Weave.
- Develop, implement and administer technical standards and solutions, as well as a suite of security services and tools to address and mitigate information security risk.
- Oversee Weave’s security program, which includes leading a team of talented, passionate, and driven security professionals, who operate Weave’s application security, security engineering, and security operations functions.
- Identify risk mitigation strategies that address identified security gaps and challenges. Identify and analyze potential security risks to Weave, and implement effective security controls to reduce risks and vulnerabilities to a reasonable and appropriate level.
- Propagate a security-minded culture throughout Weave.
- Partner with executive and extended leadership team members to include security objectives into their respective organizations’ objectives.
- Continuously improve and enhance the security of Weave, Weave’s products, and Weave’s systems.
- Partner with IT, product and engineering team members to build-in security as part of the product development lifecycle and IT operations.
- Directly contribute to and oversee the design and operating effectiveness of Weave’s security controls.
- Support Weave’s security compliance with regulatory and industry security compliance, including, but not limited to, HIPAA, PIPEDA, CCPA, GDPR, NIST, ISO, SOX, PCI-DSS, and SOC2. Lead and participate in internal and external assessments associated with these security compliance frameworks. Facilitate engagement with external assessors to help ensure smooth audits and the timely providing of audit evidence.
- Ensure the ongoing remediation of security flaws, including vulnerability patching, exploit mitigation, and continuous monitoring of Weave’s systems against intrusion.
- Lead the security incident response capability and cross-functional response team in identifying, responding to, mitigating, and reporting information security incidents.
- Regularly report to Weave’s executive leadership team, Board of Directors, and Audit Committee on Weave’s state of security, including topics of security and internal IT strategy, risks, and operations, including KPIs and management metrics to report on the health and effectiveness of the security.
- Act as a key stakeholder and participant in enhancing and operating Weave’s third-party screening and risk management program.
What you need to accomplish the job:
- 3+ years' of Director level leadership experience
- A proven track record of success in partnership and collaboration with executive leadership for the development and delivery of solutions in a growth-minded organization.
- Ability to build strong networks, relationships, and identify key decision-makers to assist in accomplishing business objectives.
- Displays a high degree of interpersonal skills, tact, and diplomacy; strong collaboration skills with peers and colleagues.
- Ability and willingness to roll up your sleeves – acknowledging that no job is too small to do.
- In-depth knowledge of regulatory requirements and information security and privacy best practice frameworks, such as HIPAA, PIPEDA, CCPA, GDPR, NIST, ISO, SOX, PCI-DSS, and SOC2, among others.
- Experience in highly-regulated industries including the healthcare, financial services, or telecommunications sectors.
- Excellent written and oral communication skills.
- Bachelor’s degree (or higher) in relevant field (Management Information Systems, Information Technology, Computer Science, Information Security)
- Certified Information Systems Security Professional (CISSP) or similar preferred.
- 12+ years of product security, information security and cyber security experience.
- 5+ years of leadership experience and creating information security strategy and programs.
- Previous experience leading and developing a high-performing information security team preferred.
- Prior experience with cloud computing infrastructures involving IaaS/SaaS/PaaS services, including Google Cloud Platform and Amazon Web Services.
- Must be based in Utah or willing to relocate to Utah.
Weave is an equal opportunity employer that is committed to diversity and inclusion. We welcome anyone who is hungry to learn, problem-solve and progress regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics.
If you have a disability or special need that requires accommodation, please let us know.