Head of Information Security

About SugarCRM
From the very beginning, SugarCRM had a unique vision: to offer a different kind of Customer Relationship Management (CRM). We pioneered the first commercial open-source CRM platform, and now, more than two decades later, are on a mission to provide products and services that make the hard things easier for sales, marketing and customer service teams. In fact, we help mid-market businesses around the globe reach new levels of performance and predictability by letting our award-winning CRM platform do the work.  Our diverse group of worldwide employees are united and driven by a shared passion for our mission, culture, and values. We treat our employees like humans not line items and are building a culture where your work at Sugar helps fuel personal, professional and business growth – check out our recent ‘Great Place to Work’ certification that we are so proud of. Work/life fit and flexibility for our team matters and together we pride ourselves on solving for our customers, always. What’s more, we empower everyone to do their best work from home, the office, on the road, or anywhere in between.   If you're ready to grow your career and help organizations grow better and faster, you've come to the right place. Find out more about our SugarCRM careers and how you can become a part of our journey. 
Where do you fit:
The Head of Information Security will be responsible for leading all security and compliance related activities for the Company. The ideal candidate must have experience at a successful software company, preferably a growing SaaS company, conducting security risk assessments, penetration testing and vulnerability scanning (both with IT as well as the product), as well as working with complex technology systems, managing projects and providing security services to internal customers.  You will be responsible for the establishment and compliance of security policies and standards across the company, including product engineering, professional services, finance, operations, IT and customer facing applications.  

Key Responsibilities:

• THE lead champion for the Company’s security program/posture and foster a security aware culture.
• Lead development and implement of a long-term security strategy and roadmap encompassing Company internal systems and SaaS product offerings.
• Support and coordinate Company’s SOC 2 audit and compliance related activities.
• Identify, evaluate and report on information security risks, practices, and projects to Executive Leadership, Board of Directors, etc.
• Oversee the evaluation, selection and implementation of information security solutions that are best in class, cost effective, and minimally disruptive to the business. 
• Partner with various business functions to ensure that technologies are developed, implemented and maintained according to industry standards and Company policy and guidelines.
• Lead due diligence and post integration activities related to security for all M&A activities.
• Develop, implement and communicate best in class security policies, procedures, standards and guidelines that ensure the company is protected while allowing the business to continue to operate effectively.
• Supporting customer requests for security audit responses, PEN test results and follow up, etc. 
• Lead in the Security Incident Response Team

Qualifications:

• Bachelor’s Degree (required) in Business, Computer Science, Information Systems, Engineering or a related field from an accredited university.  Graduate degree highly preferred.
• 5+ years’ experience at a Director level or above in a security and compliance leadership role at a SaaS or software company required.
• 7+ years of information security/cybersecurity experience at SaaS and software companies with a significant online presence and/or software portfolio required. 
• Minimum 10 years of IT and/or business leadership experience at leading edge, high tech SaaS or software companies.  Public company experience highly preferred.
• Deep understanding of cloud and SaaS, and their implications on information security strategy.
• Professional certifications such as CISSP, CISM, CISA, etc.
• Demonstrated knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL. 
• Experience establishing, implementing and running a compliance program to support SOC 2
• Security technology acumen and experience including but not limited to:  firewall, IDS/IPS, cyber-attack tools and defenses, encryption, certificate authority, web filtering, identity and access management, MFA, etc. 
• Prior experience working in a mixed OS environment including Windows, Linux, and iOS, etc.
• Excellent communication, organization and presentation skills
• Ability to be cross functional across technical areas as a security expert
• Passion in the field of information security is a must
• Demonstrated knowledge of GDPR

We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of dedication, impact, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for. We also know that diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team. Benefits and Perks:Beyond a stellar work environment, friendly people, and inspiring work, we have some sweet benefits and perks: - Private medical and vision benefit coverage- Health &Wellness Reimbursement Program- Educational Resources - Career & Personal Development Program- Attractive salary package- Flexible work hours- Meal tickets-Football Team-We are a merit-based company - many opportunities to learn, excel and grow your career!