Director of Information Security

Wistia is looking for a Director of Infosec to ensure that we're building a product and organization that's secure by design, as we make business more human with a suite of video-focused innovations.

Responsible disclosure: we think about security a bit differently at Wistia. We're not looking for someone to implement a bunch of best practices and police them, nor a risk eliminator, nor a formal authority who checks a box. We're looking for someone who will think critically about our business goals to determine the most risk-appropriate ways to achieve them; a pragmatist who takes security seriously while acknowledging that policies and practices have real tradeoffs; a thoughtful expert who knows that certifications and industry standards are no substitute for deep contextual understanding and sound judgment.

As Director of Infosec, you will be responsible for ensuring we:

• Educate our employees -- at all levels -- with helpful and relevant security and data privacy trainings.
• Vet vendors, subprocessors and any other third parties who may handle sensitive data on our behalf.
• Derive maximal benefit from white hat security researchers via bug bounties and other programs.
• Have clear, practical processes for handling breaches, data loss, and natural disasters.
• Proactively monitor for and respond to urgent issues and CVEs that would otherwise put us at risk.
• Design, codify, and implement a company security policy that protects us while enabling us to achieve our goals.
• Understand our customers’ security concerns, and address them through action or explanation.

You will work with our most senior leaders to help drive strategic discussions like:

• Whether and when we should become SOC2 compliant.
• How to manage devices in a way that provides both privacy for employees and security for the company.
• What forms of background checks are most appropriate, relevant, and helpful, given Wistia's needs and risks.

You'll fit in great for this role if you:

• Take pride in enabling others to meet their goals in ways that are secure by design.
• Are a creative problem solver and first principles thinker.
• Are adept at identifying flawed assumptions, and proactive but courteous in pointing them out.
• View security as a company-wide concern, not just an IT or engineering problem -- and are excited to help everyone at Wistia understand this.
• Would feel incredibly proud to look back on a year's work, and have leveled up all employees' understanding of security concerns that are relevant to their respective areas.
• Understand the importance of communicating the "why" behind security work (it's much easier to change behavior by showing folks how a policy is helpful, than it is to merely insist that it is helpful).
• Are familiar with consumer privacy regulations (GDPR, CCPA, etc.)

You won't be a fit for this role if you:

• View security as being largely about policing -- pushing back, clamping down, needing to approve things, etc.
• Rely on formal authority to get groups to arrive at appropriate decisions.
• Can't cite examples of recommendations you've made that go against common industry practices.

Your success will be assessed according to:

• Fulfillment of the items you're responsible for, as mentioned above.
• Helping drive the strategic discussions mentioned above, by bringing clarity of costs, benefits, and tradeoffs therein.
• Identifying our strengths, weaknesses, opportunities, and threats as they pertain to security and privacy, and building a sensible roadmap to make progress on them.
• Whether stakeholders can do their jobs with improved awareness and confidence in the security aspects of their decisions.

About Wistia
We try to ensure Wistia is an inclusive and diverse place where everyone feels happy, fulfilled, respected, comfortable, and welcome. We’re proud to be an equal opportunity workplace. We care a lot, so our benefits are actually benefits, not just the fun stuff like swag and snacks in the office (though we also have lots of those too!).

We know the biggest investment we can make is in our employees, so we provide:

• A great compensation package
• 401k with 3% company contribution, regardless of whether you contribute
• Profit Sharing!
• Stock Options
• Flexible hours
• Fully paid healthcare coverage for you and your family (including dental) and a healthcare FSA
• Up to 16 weeks paid family leave
• Flexible vacation and sick leave
• Transportation subsidies

Location/Remote Opportunities
Wistia is a hybrid in-person/remote company. Engineers can work from our beautiful office in Cambridge, MA, or anywhere in the continental US.