Vice President, Information Security (CISO)
Remote or San Francisco, California
Applications have closed
Curology
Powerful, personalized skincare formulas prescribed by real dermatology providers. Start the skin quiz to try it for 30 days.

We're hiring an experienced VP of Information Security to own Information Security, Application Security, and IT functions at Curology. You will be responsible for the company's overall security strategy, program oversight, and architecture development for the organization. You will establish and lead the company's Security Steering Committee to constantly improve all aspects of security at Curology. You will also be a key contributor to privacy and compliance initiatives. This is a critical, high-visibility role that reports directly to the CTO and will collaborate with Curology's executive leadership team.
In this role, you will:
- Build Curology’s Information & Application Security Engineering function in partnership with Engineering to secure our production and data infrastructures.
- Be responsible for Curology's IT Organization including Help Desk, End User Engineering, Security, and SaaS Operations.
- Identify relevant security frameworks and own execution of associated strategy and roadmaps.
- Conduct regular third-party independent audits of our security posture and ensure any resulting actions to address gaps or weaknesses are appropriately assigned and completed.
- Build a proactive security practice that identifies and remediates issues through white hat activities, game days, and research.
- Manage our response to security incidents and ensure that they are appropriately addressed, documented, and reported.
- Create and lead an Internal Security Steering Committee in collaboration with Curology's Executive Leadership.
- Be a key stakeholder in Curology's Governance, Risk, and Compliance (GRC) activities.
- Serve as a key member of the Technology Organization's Senior Leadership Team.
- Own compensation, team design, hiring, and retention plan for the Security group.
You will be successful if you have:
- Public Company Experience: Experience taking a company public in a security leadership role or extensive experience leading security at a public company.
- Technical Expertise: Demonstrated experience with Application Security, DevOps, or Cloud Security functions including experience with cloud computing technologies, with security commitments to customers and partners.
- Regulatory Experience: Knowledge and understanding of relevant legal and regulatory requirements, such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA).
- Security Leadership Experience: 7+ years of experience in a combination of risk management, information security, and application security engineering roles, with 3+ years in a senior leadership role (Director, VP, or CISO).
- Security Certifications: CISSP, CISM, CRISC, GSEC, CISA, or ability to be certified.
- Excellent Communicator: Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
You will love working at Curology because:
- Amazing team culture and environment
- Awarded Great Place To Work & Inc.’s Best Workplace
- Competitive salary and equity options
- Unlimited, flexible PTO for exempt employees
- Comprehensive benefits: Medical, dental and vision insurance are covered 90%+ for employees; flexible spending account; 401k
- Paid maternity and paternity leave
- Free subscription to Curology!
- Company-sponsored happy hours and outings

Curology encourages applications from people of all races, religions, national origins, genders, sexual orientations, gender identities, gender expressions and ages, as well as veterans and individuals with disabilities. Notice to Applicants under the CCPA.
Tags: Application security Audits CCPA CISA CISM CISSP Cloud Compliance CRISC DevOps Governance GSEC HIPAA Privacy Risk management SaaS Security strategy Strategy
Perks/benefits: 401(k) matching Competitive pay Equity Flex hours Flexible spending account Flex vacation Health care Medical leave Parental leave Team events Unlimited paid time off