SVP, Head of Security Engineering Operations

SVP, Head of Security Engineering Operations

Reporting to our CTO, The SVP, Head of Security Engineering Operations will have a passion for technology, excellent communication skills and ability to lead a team. This person will manage the SecOps team including but not limited to securing infrastructure (cloud, data centers, network) in high velocity payment space (over billion transactions/year) with knowledge of SOX, PCI, SOC1, SOC2 compliance, data privacy, and GRC depth. The Senior Vice President, is a strong, highly visible leader responsible for leading Enterprise Data Security (prevent, detect, respond), IT Compliance, Disaster Recovery, and Business Continuity for Cantaloupe.

The primary goal of the SecOps Team is to deliver a high performing and highly scalable security services to the enterprise and lines of business.

SVP, Head of Security Engineering Operations Job Responsibilities

• Responsible for leadership oversight of PCI-DSS, SOX, data privacy, and SOC2 compliance requirements and associated artifacts.
• Understanding of CIS Benchmarks, PCI-DSS, SOX, NIST, and SOC2 security controls and standards
• Own Cantaloupe's PCI DSS 4.0 readiness efforts.
• Collaborate across department functions to ensure timely remediation of deficiencies and incorporation of IT security and control considerations during project scoping.
• Develop and implements standards, procedures, best practices, and business processes especially related to Compliance and Secure business continuity (SOX, PCI, SOC1, SOC2 compliance and GRC depth).
• Responsible for running internal technical projects from concept to implementation for Development, Enterprise Applications, and Infrastructure.
• Deploy and manage cybersecurity capabilities.
• Ensure data security and compliance of all company compute assets and environments. Ensure that risks are evaluated, communicated, and minimized on an ongoing basis, and that security posture evolves as necessary to protect the enterprise. Ensure use of major Cloud technologies is secure (owned and non-owned assets).
• Participate in strategic planning, tactical operation planning, and the development of contingency operation plans for Production and other environments.
• Overall leadership of the Security Engineering, Security Operations, Boundary protection, and GRC functions.
• Will develop KPIs and KRIs to support reporting requirements.
• Oversee Capital Expenditures and Computing expenses for the company, including budgeting, tracking, and cost containment for areas of responsibility.
• Work with Executive Senior management to develop and direct the long-term strategy for the organization's security team, disaster recovery, business continuity and process improvements.
• Build partnerships with Internal Audit, Finance, Cantaloupe business groups, IT Delivery and Operations, and third-party service providers. Own and manage Information Security security and compliance across all groups and subject areas.
• Create PowerPoint presentations / decks and present to business leaders and C-level executives about Security initiatives and results. Strong organizational, and presentation skills.

SVP, Head of Security Engineering Operations Job Qualifications:

• 10+ years total experience in IT, including 6+ years in a production 24/7 high consumer traffic Web environment, including IT, Networking, Security and Information Protection, load balancing implementations and high availability networks. 3+ years total experience working with cloud service providers.
• Experience with and expert knowledge of PCI-DSS, SOX, NIST, data privacy, and SOC2 security controls and standards. Knowledge and experience working in an IT Security department within a payments and/or a public company desired.
• Bachelor's Degree in Engineering, Technology or related field or commensurate work experience.
• Experience implementing and monitoring near real-time detective and corrective security controls for cloud environments.
• Prior experience in a consulting practice specializing in datacenter consolidations, cloud consulting, or heavy focus on IT for mergers & acquisitions.
• Substantial technical leadership experience dealing with Windows, UNIX, Networks, Telecom, Databases, Storage & Backups, and Security.
• Understanding of the theory, concepts, and real-world application of Continuous Delivery (CD), which requires familiarity with Cloud like AWS and Azure.
• Experience in handling multiple concurrent complex projects within a technical environment
• Ability to develop and maintain positive working relationships with all levels
• Strong communication skills with both internal staff and clients

CANDIDATE PROFILE:

• The ideal candidate will need to bring a mix of hard and soft skills in order to ensure his/her success.
• Given the scope of contribution of this role, it will be imperative that qualified candidates bring experience in the large financial services firms. A background including B2B services, transaction / payment processing, and credit card services would be strongly preferred.
• Qualified candidates will have a background and comfort level working with diverse systems. He/She/They will bring an appetite for keeping current with new technology solutions and be incredibly passionate about solving business problems using technology.
• This person will need to bring a track record of hands-on, 'doing' - being personally responsible for the strategy, execution and success of systems and operational procedures that have been global in nature and have impacted the bottom-line efficiency and success of an organization. Ideally, qualified candidates will have an experience base that involves multi-national Infrastructure & software development.
• Occasional travel required, which could fluctuate depending on areas of business focus, acquisition due diligence, etc.
• Maintain and remediate SOX and PCI controls to assure compliance, implement and support Identity and Access Management for Cantaloupe. Develop roadmaps, strategies, and project lists to achieve BCP and IT Security objectives. Manage these projects to achieve these objectives on time and on budget.
• CISSP Certified preferred

Why choose Cantaloupe:

Cantaloupe, Inc. is a software and payments company that provides end-to-end technology solutions for self-service commerce. Cantaloupe is transforming the self-service commerce industry by offering one integrated solution for payments processing, logistics, and back-office management. The Company's enterprise-wide platform is designed to increase consumer engagement and sales revenue through digital payments, digital advertising and customer loyalty programs, while providing retailers with control and visibility over their operations and inventory. As a result, customers ranging from vending machine companies to operators of micro-markets, car charging stations, laundromats, metered parking terminals, kiosks, amusements and more, can run their businesses more proactively, predictably, and competitively. For more information, please visit our website at www.cantaloupe.com.