Manager, Security Operations and Risk

At Talkdesk, we are courageous innovators focused on redefining customer experience, making the impossible possible for companies globally. We champion an inclusive and diverse culture representative of the communities in which we live and serve. And, we give back to our community by volunteering our time, supporting non-profits and minimizing our global footprint. Each day, thousands of employees, customers and partners all over the world trust Talkdesk to deliver a better way to great experiences. 

We are recognized as a cloud contact center leader by many of the most influential research organizations, including Gartner and Forrester. With $498 million in total funding, a valuation of more than $10 Billion, and a ranking of #8 on the Forbes Cloud 100 list, now is the time to be part of the Talkdesk legacy to help accelerate our success in a new decade of transformational growth.

Talkdesk is currently seeking a Manager, Information Security Risk and Operations to join our Information Security team. The right candidate will be a key driver of information security strategy, prioritization efforts, and will help manage the Information Security Program at Talkdesk. The Manager will work to secure the environment using a defense in-depth approach while enabling Talkdesk to provide effective and secure services.

This individual will use a risk-based approach in evaluating the effectiveness of security capabilities against industry accepted standards and security frameworks. They are responsible for evaluating and enhancing the overall security posture and program at Talkdesk. The Manager will work collaboratively with technology and application owners to drive adherence to secure and consistent management and configuration practices. They will also provide guidance and subject matter expertise to business and senior leadership stakeholders in mManageraintaining a secure environment.

The Manager will assist in reporting to senior management on the overall program health, key metrics, and milestones and liaising with other teams to ensure adherence to information security inquiries and requirements. They will lead third party risk management efforts to ensure that third parties meet our security requirements and drive the firm’s incident management program to ensure effective identification and remediation of incidents throughout the environment.

Who you're committed to being:

• Forward-thinking, phenomenal at multitasking and ready to handle the often unexpected demands facing a growing, global company
• Strong communicator who can get the point across quickly and optimally no matter the audience
• Open to being challenged and crafting solutions that drive business results while protecting the company
• Reliable, trusted partner and able to collaborate across teams and regions
• Self-starter who is not afraid to dive in and navigate thorny or novel problems

What you'll own:

• Provide oversight and guidance to team of information security specialists
• Drive reporting, metric generation, and risk quantification efforts to facilitate reporting to senior leadership
• Work with Chief Information Security Officer (CISO) to develop information security strategy and roadmap to drive continuous improvement of information security capabilities
• Lead all threat and vulnerability management efforts; work cross-functionally to identify and drive remediation of configuration and patch level vulnerabilities across the environment
• Perform substantive information security risk and architecture review of new solutions and platforms to be introduced into the environment
• Lead and operate the firm’s risk management policy including risk identification, tracking, quantification, ranking reporting and remediation
• Lead and enhance Third Party Risk Management functions to ensure the appropriate identification, stratification and remediation
• Lead development and enhancement of policies, standards, and procedures at the firm to ensure compliance with ISO 27001 and consistent and secure application of security principles
• Manage all aspects of information security training, communications, and awareness.
• Perform periodic review and audit of access and entitlements across various systems and infrastructure
• Develop tools, technologies and processes to continually assess and improve our cloud security posture

Experience you'll need:

• 8+ years of experience on privacy legal and/or privacy program design, oversight and management for internal/external clients
• Experience building and implementing global privacy compliance, operations and risk management programs
• Experience testing, monitoring and assessing privacy programs
• Experience working with external auditors and/or regulatory inquiries involving privacy or information security
• Experience partnering with management across functions critical to a privacy organization, including product and engineering
• Experience prioritizing and managing multiple projects with varying deadlines
• Experience serving as the Data Protection Officer (DPO)

Preferred Qualifications:

• Privacy and data protection, Information technology/information security experience (e.g. GDPR, CCPA, LGPD, FTC Act, data breach laws, etc.)
• An understanding of, and passion for, emerging technology and products
• Consulting or advisory experience on privacy matters
• Privacy certification (e.g. CIPP or CIPM or similar)
• J.D. degree (or foreign equivalent) a plus but not required

The Talkdesk story hinges on empathy and acceptance. It is the shared goal among all Talkdeskers to empower a new kind of customer hero through our innovative software solution, and we firmly believe that the best path to success for our mission is inclusivity, diversity, and genuine acceptance. To that end, we will hire, promote, work along, cheer for, bond with, and warmly welcome into the Talkdesk family all persons without regard to ethnic and racial identity, indigenous heritage, national origin, religion, gender, gender identity, gender expression, sexual orientation, age, disability, marital status, veteran status, genetic information, or any other legally protected status.