Head of Security, Compliance & IT

The Head of Security (Product and Corporate), Compliance & IT is responsible for the overall security of Envoy’s platform and products, corporate infrastructure, and IT systems. This includes developing and implementing security best practices and procedures, managing security risks, training, responding to security incidents ,and building bleeding edge workplace tech and internal corporate systems and ensuring compliance with relevant regulations. As Head of Security, you will work with product teams to ensure that security is built into the company's products from the start.

This is a hybrid position that requires at least 3 days a week (Tuesday - Thursday) in our San Francisco HQ.

• Develop and implement security policies and procedures for Envoy Products and for our corporate systems.
• Proactively manage security risks.
• Respond to security incidents.
• Work with product development teams to lead threat models, security reviews accurate, actionable security insights and results
• Lead security audits and assessments.
• Report on security status to the CTO and other senior executives.
• Establish Envoy as a trusted and secure platform to a growing customer base that includes many Fortune 500 companies.
• Support security reviews from new and existing customers.
• Represent the company to external security organizations.
• Coach and develop the next set of security and IT leaders.
• Stay up-to-date on the latest security threats and trends.

• Bachelor’s (Master's preferred) degree in information security, computer science, or a related field or equivalent experience
• 10+ years of experience in application/information security
• 5+ years of experience in people management.
• Experience in all aspects of information security, including risk management, incident response, and compliance.
• Experience in managing several team, high profile initiatives in parallel and championing x-functional programs.
• Demonstrated leadership and ability to thrive in a global team environment. Outstanding communication and presentation skills with the ability to influence technical and non-technical groups.
• Demonstrated excellent program management skills and ability to develop solutions to problems with unclear or ambiguous guidelines.
• Strong leadership and communication skills.
• Ensure compliance with relevant security and privacy regulations, such as SOC2, SSPA, GDPR, and CCPA.
• Monitor changes in regulations and update security practices accordingly.
• Coordinate and oversee external audits and assessments.
• Collaborate with legal to address data protection and privacy requirements.
• Develop and maintain a comprehensive vendor risk management program. Identify and assess security risks associated with third-party vendors and service providers.
• Establish vendor security requirements and standards.
• Conduct due diligence assessments of potential vendors.
• Monitor and evaluate vendor security performance and compliance.
• Implement processes for ongoing vendor security reviews and risk mitigation. 
• Proven experience as a CISO or in a similar senior security leadership role.
• Demonstrated management experience with a track record of effectively leading and developing security teams.

• An exceptional writer and spoken communicator and adept at communicating complex technical / security topics to a variety of audiences.
• Highly organized, autonomous and results driven.
• Comfortable and energized operating in a fast moving organization
• Passionate about our product and working with Enterprise sized businesses
• Entrepreneurial and self-motivated
• Consultative with demonstrable experience
• Enthusiastic about learning and growing at Envoy
• Intellectually curious and ambitious

Envoy's compensation package includes market competitive salary, equity for all full time roles, and great benefits. If you are located in San Francisco Bay Area, our expected cash compensation for this role is $246K-$289K (Annually).  We are hiring for multiple levels and backgrounds, so final offers may vary within the range provided based on experience, expertise, and other factors.

If you have any questions related to compensation, please contact Recruiting after you apply.

#LI-Hybrid