Chief Information Security Officer

Company Description

QAD is building a world-class SaaS company, and we are growing. We are looking for talented individuals who want to join us on our mission to help solve relevant real-world problems in manufacturing and the supply chain.

We are a virtual first company and your primary work experience will be virtual / working from your home.  Occasional travel to a physical office may be required to enhance working relationships, collaboration, design, strategy and alignment.    

Job Description

QAD has an exciting opportunity for our Chief Information Security Officer role.  The CISO will be responsible for implementing and running the enterprise information security program. This will involve identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. 

The CISO position requires a visionary leader with sound knowledge of business management and a sound knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem – and specifically in the development and delivery of QAD’s SaaS/Cloud customer offerings. The CISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. 

A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. He or she will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. The CISO should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders. 

The CISO must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. Specific responsibilities include maintaining a risk register and controls maturity model, tabletop testing and other readiness functions, regular internal and external communications, program management, and incident response. 

Another key element of the CISO role is effective engagement with customers, partners, suppliers and other outside stakeholders regarding QAD security strategy and operations. 

The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology. While the CISO is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the CISO is a business leader, and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant experience, including five years in a significant leadership role.

This role will be remote within the Continental U.S. and will require approximately 10 -20% travel.

Qualifications

What you’ll do:

• Strategic: working with executive management to determine acceptable levels of risk and setting overall security strategy, and program governance.
• Operational: overseeing projects and incident response and other matters.
• Oversees a comprehensive security performance measurement program. 
• Reports on status of security program, security incidents, remedial actions and regulatory updates.

What you’ll need: 

• Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security
• Degree in business administration or a technology-related field, or equivalent work- or education-related experience 
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials
• Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment
• Experience with contract and vendor negotiations
• Knowledge and understanding of relevant legal and regulatory requirements such as GDPR, the Payment Card Industry/Data Security Standard, ITAR, DFARS and other regulations pertaining to controlled unclassified information and other regulated information.  
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
• Up-to-date knowledge of methodologies and trends in both business and IT
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
• Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
• Excellent stakeholder management skills
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Project management skills: financial/budget management, scheduling and resource management
• A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital

Who You Are:

• Poise and ability to act calmly and competently in high-pressure, high-stress situations
• High degree of initiative, dependability and ability to work with little supervision while being resilient to change
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
• Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
• A critical and creative thinker, with an ownership mindset 
• Strong problem-solving and trouble-shooting skills

Additional Information

• Your health and well being are important to us at QAD. We provide programs that help you strike a healthy work-life balance.
• Opportunity to join a growing business, launching into its next phase of expansion and transformation.
• Collaborative culture of smart and hard-working people who support one another to get the job done.
• An atmosphere of growth and opportunity, where idea-sharing is always prioritized over level or hierarchy.

Compensation Package:

• Base pay range: $189,000.00 - $324,000.00 USD Annual (12 Months) 
• Placement within our pay range will vary based on knowledge, skills, experience, and market location variations as well as internal peer equity
• This position is also eligible for an annual company performance bonus
• U.S. benefits package includes medical, dental and vision coverage, a 401(k) plan with company match, short-term and long-term disability coverage, life insurance, paid-time off, parental leave, and well-being programs

#LI-SH1

About QAD:
QAD Inc. is a leading provider of adaptive, cloud-based enterprise software and services for global manufacturing companies. Global manufacturers face ever-increasing disruption caused by technology-driven innovation and changing consumer preferences. In order to survive and thrive, manufacturers must be able to innovate and change business models at unprecedented rates of speed. QAD calls these companies Adaptive Manufacturing Enterprises. QAD solutions help customers in the automotive, life sciences, packaging, consumer products, food and beverage, high tech and industrial manufacturing industries rapidly adapt to change and innovate for competitive advantage. 

QAD is committed to ensuring that every employee feels they work in an environment that values their contributions, respects their unique perspectives and provides opportunities for growth regardless of background. QAD’s DEI program is driving higher levels of diversity, equity and inclusion so that employees can bring their whole self to work.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. 

#LI-Remote