Ottawa, ON, Canada
(While we will prioritize candidates that are located in Vancouver, Toronto, Ottawa, or the Kitchener/Waterloo area to build more connected teams, we do encourage candidates across Canada to apply to our roles)
Rewind is a service that protects the data that is driving your business, from a simple side hustle to a successful venture. Our focus is on backing up data that lives in the cloud – in apps like Shopify, BigCommerce, and QuickBooks Online. We invite you to read our startup story to learn where we came from and where we’re going. For a more technical view, check out our Behind the App feature on the BigCommerce Developers Blog.
We care about honesty, we believe in learning from our mistakes, and we support each other as we grow.
Reporting to the CTO, the Director, Security is responsible for implementing and running Rewind’s security program. This involves identifying, evaluating, and reporting on cybersecurity, regulatory, and IT risks as they relate to business operations, all the while supporting and advancing business objectives. A key element of the Director’s role is working with the executive team to determine acceptable levels of risk for the organization. The Director proactively works with business stakeholders to implement practices that meet agreed-on policies and standards as they relate to corporate and customer security. The Director is responsible for establishing and maintaining the security programs that ensure business assets, applications, systems, infrastructure, and processes are adequately protected and compliant with legal, regulatory and contractual obligations.
- Build and lead a team that encapsulates the entire internal and external security function for Rewind with respect to the following areas: AppSec, SecOps, DevSecOps, Security Automation, Security Research, and GRC;
- Act with a high level of personal integrity and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity;
- Develop, maintain, and execute a strategic security plan that will help enable the realization of corporate goals and objectives;
- Measure and report on performance of all aspects of security to internal stakeholders including the C-Suite and Board of Directors;
- Proactively advise management and staff about security or compliance risks that may have a material impact on the business;
- Collaborate with all internal stakeholders to ensure the day-to-day activities of the company are rooted in a security mindset;
- Integrate shift left security practices into the SDLC to help identify and address security vulnerabilities and issues well before they become material to the business;
- Implement and maintain key security programs including: vulnerability disclosure program, incident response and investigations, security assessments, security advisements on key business initiatives, 3rd party vendor risk assessments, security policy awareness, customer compliance, security contract review, customer security credentialing and auditing, physical security, incident and emergency response and security technology deployments;
- Possibly engage with media and customers on matters relating to the security posture of the business.
A successful candidate should have at least 15 years of work experience in information security, with roles encompassing direct responsibility for audit, compliance, risk management, or related functions.
Your other qualifications include:
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Up-to-date knowledge of methodologies and trends in both business and security.
- Experience with contract and vendor negotiations.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Project management skills: financial/budget management, scheduling and resource management.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
- Significant experience maintaining and growing a vulnerability disclosure program (VDP).
- Significant experience integrating security practices into the SDLC like static security scanning, threat modeling, and supply chain management.
- Significant experience with network security and IT infrastructure of both hardware and software, such as firewall, IDS/IPS, anti-virus/malware, system monitoring, encryption technologies, WAN/LAN, operating systems, database systems, authentication, authorization, vulnerability scanning and monitoring tools.
- Knowledge of common information security management / compliance frameworks, such as ISO/IEC 27001, SOC2, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Knowledge and understanding of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Cybersecurity Maturity Model Certification (CMMC).
- Exposure to business disciplines while serving in previous security roles, such as: strategy, pricing, competitive analysis, business economics, mergers and acquisitions, sales, marketing, communications, etc. Any experience you have had combining security with these domains (e.g. security sales, sales engineer, customer success, etc.) would be relevant and valuable.
We strongly encourage candidates of all different backgrounds and identities to apply. Each new hire is an opportunity for us to bring in a different perspective, and we are always eager to further diversify our company. Rewind is committed to building an inclusive, supportive place for you to do the best and most rewarding work of your career.
Our package includes:
- employee stock options
- health benefits
- 3 weeks vacation + tenured vacation
- 7 life leave days
- 2 Level Up days for professional development
- 1 volunteer day
- Summer hours (off every other Friday from June - September) and office closed during the holiday break (Dec 25 - Jan 1st)
- 4 week sabbatical after 4 years with us
- paid parental leave
- $5000/year professional development allowance (you can take courses, buy books, attend conferences, cover certifications, etc.) and free Udemy courses
- $1000/year annual wellness spending account