Director, Security
- Full-time
Company Description
(While we will prioritize candidates that are located in Vancouver, Toronto, Ottawa, or the Kitchener/Waterloo area to build more connected teams, we do encourage candidates across Canada to apply to our roles)
Rewind is a service that protects the data that is driving your business, from a simple side hustle to a successful venture. Our focus is on backing up data that lives in the cloud – in apps like Shopify, BigCommerce, and QuickBooks Online. We invite you to read our startup story to learn where we came from and where we’re going. For a more technical view, check out our Behind the App feature on the BigCommerce Developers Blog.
We care about honesty, we believe in learning from our mistakes, and we support each other as we grow.
Job Description
Reporting to the CTO, the Director, Security is responsible for implementing and running Rewind’s security program. This involves identifying, evaluating, and reporting on cybersecurity, regulatory, and IT risks as they relate to business operations, while supporting and advancing business objectives. A key element of the Director’s role is working with the executive team to determine acceptable levels of risk for the organization. The Director proactively works with business stakeholders to implement practices that meet agreed-on policies and standards for corporate and customer security. The Director is responsible for establishing and maintaining the security programs that ensure business assets, applications, systems, infrastructure, and processes are adequately protected and compliant with legal, regulatory, and contractual obligations.
Responsibilities include:
- Build and lead a team that encapsulates the entire internal and external security function for Rewind across the following areas: AppSec, SecOps, DevSecOps, Security Automation, Security Research, and GRC;
- Act with a high level of personal integrity and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity;
- Develop, maintain, and execute a strategic security plan that will help enable the realization of corporate goals and objectives;
- Measure and report on performance of all aspects of security to internal stakeholders including the C-Suite and Board of Directors;
- Proactively advise management and staff about security or compliance risks that may have a material impact on the business;
- Collaborate with all internal stakeholders to ensure the day-to-day activities of the company are rooted in a security mindset;
- Integrate shift-left security practices into the SDLC to help identify and address security vulnerabilities and issues well before they become material to the business;
- Implement and maintain key security programs including: vulnerability disclosure program, incident response and investigations, security assessments, security advisements on key business initiatives, 3rd party vendor risk assessments, security policy awareness, customer compliance, security contract review, customer security credentialing and auditing, physical security, incident and emergency response and security technology deployments;
- Possibly engage with media and customers on matters relating to the security posture of the business;
Qualifications
A successful candidate should have at least 15 years of work experience in information security, with roles encompassing direct responsibility for audit, compliance, risk management, or related functions.
Your other qualifications include:
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Up-to-date knowledge of methodologies and trends in both business and security.
- Experience with contract and vendor negotiations.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Project management skills: financial/budget management, scheduling and resource management.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
- Significant experience maintaining and growing a vulnerability disclosure program (VDP).
- Significant experience integrating security practices into the SDLC, such as static security scanning, threat modeling, and software supply chain management.
- Significant experience with network security and IT infrastructure of both hardware and software, such as firewall, IDS/IPS, anti-virus/malware, system monitoring, encryption technologies, WAN/LAN, operating systems, database systems, authentication, authorization, vulnerability scanning and monitoring tools.
- Knowledge of common information security management / compliance frameworks, such as ISO/IEC 27001, SOC 2, ITIL, and COBIT, as well as those from NIST, including SP 800-53 and the Cybersecurity Framework.
- Knowledge and understanding of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Cybersecurity Maturity Model Certification (CMMC).
- Exposure to business disciplines while serving in previous security roles, such as: strategy, pricing, competitive analysis, business economics, mergers and acquisitions, sales, marketing, communications, etc. Any experience you have had combining security with these domains (e.g. security sales, sales engineer, customer success, etc.) would be relevant and valuable.
Additional Information
We strongly encourage candidates of all different backgrounds and identities to apply. Each new hire is an opportunity for us to bring in a different perspective, and we are always eager to further diversify our company. Rewind is committed to building an inclusive, supportive place for you to do the best and most rewarding work of your career.
Our package includes:
- bonus
- employee stock options
- health benefits
- 3 weeks vacation + tenured vacation
- 7 life leave days
- 2 Level Up days for professional development
- 1 volunteer day
- Summer hours (off every other Friday from June - September) and office closed during the holiday break (Dec 25 - Jan 1st)
- 4 week sabbatical after 4 years with us
- paid parental leave
- $5000/year professional development allowance (you can take courses, buy books, attend conferences, cover certifications, etc) and free Udemy courses
- $1000/year annual wellness spending account