CISO, VP Info & Product Security
Boston, MA, United States
Nexthink
Discover what your employees need, see what they experience, know how they feel. Deliver IT that delights.
Nexthink is the global leader in digital employee experience management. Our products allow enterprises to create highly productive digital workplaces for their employees by delivering optimal end-user experiences. Through a unique combination of real-time analytics, automation and employee feedback, Nexthink gives IT teams the insight they need to empower and even delight people at work.
Headquartered in Switzerland with US headquarters in Boston, Nexthink also has offices in France, UK, Germany, Spain and UAE. Our growing team of Nexthinkers is proud to be making the digital work lives of over sixteen million employees across 1,000 customers more productive.
Hybrid role: Boston-based office, with teams in Madrid, Lausanne and Bangalore. Candidates need to be open to travel.
Nexthink is looking for a VP of Information and Product Security who is an expert in working with development teams to build secure SaaS products and is passionate about securing an enterprise’s information and data. The candidate will lead and grow a global team of about ten security and compliance experts and own all aspects of the security function for Nexthink.
We are looking for an individual who has strong cloud security technical fundamentals and has been involved in securing software development and deployment processes. Excellent communication skills and comfort in working with executive leadership and with customers are essential for the role.
Experience working with US Federal and DoD agencies and contractors with certifications like FedRAMP is a plus. Experience working with European companies around GDPR and related data privacy issues is very helpful.
The role will report to the CTO and work closely with Architecture, Development, SRE, Legal, Support, Product Management, and Sales leadership in leading the security function for Nexthink.
The VP of Information and Product Security’s responsibilities include but are not limited to:
- Drive Nexthink's security vision, continually update strategy to meet this vision and maintain a multi-year security roadmap.
- Consistently communicate and advocate for security best practices while reporting performance effectiveness to executive stakeholders.
- Lead the implementation of next-gen security solutions and ensure compliance with changing laws and regulations.
- Oversee the development of information security policies, standards, and procedures that are aligned with industry best practices.
- Evaluate and adapt security measures to mitigate emerging threats and vulnerabilities, with a focus on protecting software integrity and data security for customers.
- Lead and mentor a high-performing team, handling performance management, workload balancing, and succession planning.
- Provide hands-on technical leadership in the design, implementation, and enforcement of security measures.
- Conduct regular audits and assessments to identify areas for improvement
- Collaborate closely with Product, IT, Legal, and other departments to align security initiatives with company objectives
- Act as a main point of contact for security matters with external vendors and partners
- Facilitate interdepartmental training and development programs focused on security best practices
- Ensure compliance with Federal, FedRAMP, and DoD regulations
- Build and maintain relationships with government agencies and other stakeholders in the security compliance landscape
- Develop and enforce cloud security policies, including incident response protocols
- Manage operational and capital budgets for the cyber security department.
- Lead security briefings for executive stakeholders
- Draft comprehensive yet accessible reports for both technical and non-technical audiences
- Quick adaptability to a fast-paced security landscape, staying abreast of new technologies and approaches.
- Advanced degree in technology-related fields like Computer Science or Engineering is preferred.
- Minimum of 10 years in progressive leadership roles within information security, with a focus on corporate and product security in a SaaS environment
- Strong technical background, with experience in designing, implementing, and managing security solutions
- Decisive and well-informed decision-making, coupled with creative problem-solving abilities.
- Excellent people management skills, including performance monitoring, motivation, and fostering a positive work environment.
- Proven ability to understand and comply with security regulations, and work with key stakeholders to ensure compliance.
- Exhibited ability to secure cloud-based systems and applications, and respond to security incidents in the cloud.
- Ability to communicate security-related concepts to diverse audiences (technical, legal and executive), orally and in writing, in an easily understood and actionable manner.
- Expert knowledge in compliance frameworks: ISO 27001, NIST, CSF, FedRAMP and privacy-related laws.
- Formal certifications such as CompTIA Security+, CISSP, CISM, CISA, and/or CEH are preferred.
- Excellent interpersonal and communication skills
- Knowledge of Agile software engineering best practices
Key personality traits
Honesty and Integrity: As an integral member of the company’s senior leadership team, the candidate must exemplify the highest standards of honesty, integrity and discretion.
Self-Confident and Results Orientated: An intelligent, decisive, self-confident and results-orientated individual who possesses a combination of mental flexibility, creativity, analytical ability and sound judgment.
Innovation/Growth Oriented: Encouraging people to innovate, create and be open to change. Empowering people and having a bias for action and an urgency to move forward.
Fosters teamwork: Creating a work culture that values collaboration.
At Nexthink, we believe actions are stronger than words regarding diversity, inclusivity, and equity in the workplace. Nexthinkers are multinational and multilingual and come from all walks of life. We are committed to hiring a genuinely representative workforce that can create solutions and foster innovation for the modern digital employee experience. Join us today!
Total Rewards @ Nexthink
At Nexthink, we offer one of the most comprehensive and generous benefits plans. Your total rewards compensation package includes base salary and may also include a commission or performance bonus plan, as well as equity. We provide our US employees with 100% covered company benefits that consist of health, dental, vision, life insurance, long-term disability, and accidental death/personal loss coverage.
Base salary ranges are determined by country, role, level, experience, and skills. The range displayed on each job posting reflects Nexthink’s good faith determination of the minimum and maximum targets for new hire salaries across all US locations. Individual pay is determined by related factors, including job skills, experience, and relevant education or training, which may impact a final offer. Your Talent Acquisition Partner can share more about the specific salary range during the hiring process.