About the position
The Vice President of Information Security at BambooHR is a senior leadership role responsible for developing and implementing a comprehensive security vision and strategy that aligns with the company's business objectives. This position requires collaboration with cross-functional teams to identify and mitigate risks, ensuring the integrity of software infrastructure and customer trust. The VP will also serve as a key advisor to the executive team on cybersecurity issues and will be instrumental in establishing BambooHR as a thought leader in cybersecurity.
Responsibilities
- Develop and implement a comprehensive security vision and strategy that aligns with business objectives, key results, and industry best practices.
- Lead the development and execution of a long-term security roadmap, incorporating emerging technologies and industry trends.
- Serve as a key advisor to the executive team on cybersecurity risks and opportunities, providing strategic guidance on complex security issues.
- Explore and recommend opportunities for security to be a strategic advantage in BambooHR's market position.
- Establish the company as a thought leader in cybersecurity representing the security strategy, investments, and innovation in company updates, board meetings, industry forums, partners, and regulatory bodies.
- Oversee security certification, training, and awareness programs for employees, preserving the culture of security within the company.
- Drive continuous improvement in security programs for threat modeling, vulnerability scanning, and audits and incorporating the highest standards of security in the software development life cycle.
- Increase efficiency in incident detection, investigation, response, reporting, and postmortem working in partnership with peers and leaders across the company.
- Research and recommend industry-proven tools, processes, and standards for engineering, identity, access, and operations security.
- Build and empower a high-performing security team by recruiting and retaining top talent, fostering a collaborative environment, and prioritizing professional development through mentorship and training.
- Create customer-facing publications, videos, and presentations to represent the company's approach and commitment to safeguarding sensitive information.
Requirements
- 10+ years of experience designing and implementing technology solutions for cloud security, network security, and application security.
- Experience in implementing solutions for identity, access, and operations security.
- Bachelor's degree in computer science, computer engineering, cybersecurity, or related field; equivalent experience also accepted.
- Relevant certifications such as CISSP, CISM, or equivalent.
- Experience with cloud platforms (e.g., AWS, GCP) and containerization, large data sets, relational databases, and warehouses.
- Ability to drive initiatives that require collaboration and accountability across a company.
- Advanced experience with compliance frameworks (SOC II, SOX, GDPR, PCI).
- Demonstrated leadership in guiding and motivating a high-performing organization.
- Passion and excitement for security that is contagious.
- Strong executive verbal, visual, and written communication skills with the ability to communicate complex security topics to audiences of varying technical aptitudes.
Nice-to-haves
- Regarded as a trusted and seasoned thought leader who can influence and inspire business partners and leaders.
- Enthusiasm for inspiring continuous growth and improvement of people, process, and products.
Benefits
- 4 weeks paid time off
- 11 paid holidays
- Health Medical with HSA and FSA options, dental, and vision
- 401(k) with a generous company match
- Access to a personal financial planner
- Legal and life insurance
- Paid subscription to Financial Peace University
- Paid time off for community service
- Educational expense coverage for higher education
- Incredible office amenities including a full-size gym and pickleball courts
- Flexible work models including in-office, work-from-home, or hybrid options
