Director, Information Security & Compliance

San Diego, CA

Applications have closed

TuSimple

At TuSimple we are using autonomous trucks to pave a better path forward by solving the trucking industry’s most pressing challenges by enabling reliable, low-cost freight capacity as a service while setting a new standard for safety and fuel...


Company Overview

Come join a higher calling and find a deeper purpose!   

As a multi-national Artificial Intelligence Technology Company, we are at the epicenter of the Autonomous Vehicle Universe. Our breakthroughs are leading the industry in autonomous trucking.  

While inventing the framework of Autonomous Driving, our current fleet of autonomous trucks is helping communities receive much-needed supplies and medical equipment around the clock. Our people are some of the most talented engineers and contributors who are leaving behind a historic legacy.

TuSimple was founded half a decade ago with the goal of bringing the top minds in the world together to achieve the dream of a driverless truck solution. With a foundation in computer vision, algorithms, mapping, and Artificial Intelligence, TuSimple is working to create the first global commercially viable Autonomous Freight Network. 

Opportunity Overview

TuSimple’s Director, InfoSec develops, enhances, and oversees the global information security operations activities of TuSimple’s diverse and decentralized computing environment. They are responsible for establishing the company’s security strategy and direction and leading a growing team of InfoSec professionals with various areas of cybersecurity expertise.

The Director, InfoSec identifies major risk factors (compliance and operational) for the company, and provides technical leadership related to GRC (SOX, SOC2, etc), operational (blue team), and offensive (red team) security. The incumbent leverages their extensive background in Security and Risk Management to help prepare security policy and design templates, guides, documentation, procedures, and frameworks that are linked to cyber based activities. They map risks to specific techniques and mitigation methods and oversee the development and maintenance of the data compliance framework. In addition, the Director, InfoSec drives the implementation of security plans, including internal training, event monitoring, and incident response.

The Director, InfoSec and Compliance, demonstrates relevant, collaborative leadership experience, proven execution ability, and deep technical information security experience.

Role Responsibilities

  • Develops and drives implementation of a short and long term security strategy and goals in alignment with TuSimple’s business objectives and culture.
  • Oversees information security in enterprise IT infrastructure and in deployment and management of enterprise applications.
  • Guarantees the strong performance of security operations across multiple data centers, as well as cloud-based service operations centers.
  • Secures operations involving large groups of R&D, Engineering, and development operations, requiring connectivity and integration with third party partners.
  • Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities.
  • Performs gap analysis of current state versus industry best practices for the autonomous vehicle industry.
  • Partners across the organization to ensure that security is designed into products and processes from the early stages.
  • Acts as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance.
  • Manages communications with security leaders from partner organizations.
  • Prepares and presents accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements.
  • Oversees management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements.
  • Identifies and classifies risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation.
  • Establishes and enhances Policies and Procedures to ensure the following of security best practices and compliance.
  • Establishes governance processes and drives prioritization of security workload across the security workforce, and with dependent stakeholders.
  • Provides security expertise and direction for enterprise applications used to support Finance Management, Customer Management, Manufacturing Operations and Quality Control in a highly regulated public environment.
  • Establishes and manages operations to maintain security for Controlled Unclassified Information (CUI), PCI, and other sensitive data.
  • Assesses and identifies security controls for sensitive and regulated data, and refines and oversees compliance programs aligned with regulatory and international standards (e.g., ISO 27001, SOC 2).
  • Builds a security oriented culture and champions for all company security-related issues, across the enterprise.
  • Resolves security resource requirements including budget, staff, training needs, and prioritization. Works with senior stakeholders, where appropriate, to embed security expertise in other functions.
  • Develops and drives security risk analysis, mitigation, and remediation plans. Plans for and leads security incident response and recovery efforts.
  • Evolves TuSimple’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents.
  • Owns all documentation, process, and training surrounding TuSimple’s disaster recovery abilities.
  • Ensures the appropriate development and delivery of end user security awareness training, effective reporting, as well as performance metrics; executes on security metric reporting to ensure business and senior leadership have a proper view of current security state and risks, globally.
  • Stays abreast of new and evolving market trends, best practices, and industry specific information. Researches, monitors, and analyzes trends related to security in the automotive, machine learning, and autonomous driving spaces. Provides thought leadership, insights, and recommendations for optimizing security and streamlining processes.
  • Provides strong leadership in the recruitment, training and development of top-quality InfoSec talent, ensuring the high level of performance and productivity. Builds morale, motivates and instills productivity and teamwork, creates and promotes a positive and supportive work environment. Creates a culture of continuous improvement for processes, systems, data, training, people, etc.

Experience & Skills Required 

  • 7+ years of enterprise information security or relevant technology experience.
  • 2+ years’ experience leading a team of InfoSec/cybersecurity professionals.
  • A breadth of hands on and senior leadership experience in security, engineering, or IT management.
  • In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria.
  • Thorough understanding of SDLC and Application Security Policies, Design and Documentation.
  • Ability to interpret InfoSec requirements and communicate them back to non-technical stakeholders (i.e., as non-functional requirements).
  • Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc).
  • Fundamental understanding of Incident Management and Security Operations.
  • Knowledge of the Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment.
  • Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies.
  • Experience securing and navigating cloud platforms, such as AWS (Amazon Web Services), Azure, or GCP (Google Cloud Platform).
  • Knowledge of common operating systems (e.g. Windows, Linux, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level.
  • Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs.
  • Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC 2, NIST, COBIT, and the ISO 27000 series).
  • Demonstrated ability to lead, inspire, and motivate teams to effectively and efficiently accomplish goals and provide excellent customer service to internal customers/users.
  • Instills a sense of calmness and confidence in end-users while working through technical challenges.
  • Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross-functional teams to coordinate activities and accomplish goals.
  • Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding.
  • Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently.
  • Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs.
  • Proven ability to work in a matrix organization, tech start-up experience preferred. 
  • Ability to maintain steady leadership throughout aggressive deadlines, changing priorities, and evolving operations, as is common in progressive start-up environments.
  • Strong business acumen; keenness and quickness in understanding business objectives and works to support the objectives through relevant contributions.
  • Natural problem solver; analytical and oriented towards diagnosis and remediation.
  • Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience.
  • Driven to learn and a commitment to keeping current with best practices and emerging industry trends in a quickly evolving sector.
  • Adept at leading groups of people with diverse perspectives to acceptable solutions.

TuSimple Benefits

  • 100% employer-paid healthcare premiums for you and your family
  • Work visa sponsorship available
  • Relocation assistance available
  • Breakfast, lunch, and dinner served every day
  • Full kitchens on every floor with unlimited snacks, drinks, special treats, fruits, meals, and more
  • Stock options / equity
  • Gym membership reimbursement
  • Monthly team building budget
  • Learning/education budget  
  • Employer-paid life insurance
  • Employer-paid long and short disability

TuSimple is an Equal Opportunity Employer. This company does not discriminate in employment and personnel practices on the basis of race, sex, age, handicap, religion, national origin, or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above-listed items.


Tags: Application security Artificial Intelligence Audits Automation AWS Azure Blue team Cloud COBIT Compliance Cryptography Endpoint security Ethical hacking Finance Firewalls Forensics GCP Governance IDS Incident response Intrusion detection ISO 27001 IT infrastructure Linux Machine Learning Monitoring NIST Oracle Qualys R&D Red team Risk analysis Risk management SDLC Security strategy SIEM SOC 2 Splunk Strategy Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development Equity Fitness / gym Insurance Relocation support Snacks / Drinks Startup environment Team events

Region: North America
Country: United States
Category: Leadership Jobs
