Join us in building a secure platform supporting Avalara's expanding business. In this leadership role you will have the opportunity to oversee Avalara's regional security function in all capacities including but not limited to Security Operations, Security Engineering, Enterprise Risk, Resilience, Compliance, and Audit.
You will be responsible for providing guidance and real-world mitigation steps to identified security risks. The successful candidate will be required to develop teams while determining mitigation strategies and drive fixes to resolution. A thorough understanding of corporate and product security, plus enterprise risk and audit will be valuable experience for the right candidate.
- Manage, coach, develop a wide range of security teams and professionals.
- Partner with additional information security teams to improve operational capabilities and assurance; provide feedback to relevant stakeholders.
- Conduct regular assessments to improve the security posture and prevent regression.
- Design, collect, maintain, and report on metrics/telemetry across various security disciplines.
- Establish and maintain governance for security standards across the various the business.
- Help set a broad direction, put together a strategy, and implement tactical approaches to address business needs efficiently and effectively.
Qualifications
- 10+ years of experience as a security practitioner
- 8+ years of experience leading, managing & developing high performance teams.
- 3+ years of work experience securing public cloud environments.
- Proven expertise in developing and implementing processes, process integration and process changes.
- Excellent security engineering aptitude and the ability to provide technical mentorship and guidance.
- Expertise with one or more security concepts such as DFIR, Endpoint/Network Security, Cloud Security, Enterprise Risk, Audit, Application Security, penetration testing, etc.
- Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organization.
- BA/BS in computer science, information security, related discipline, or equivalent work experience
Preferred Qualifications
- Experience deploying a wide variety of security technologies in complex enterprise environments, particularly in a SaaS business.
- Familiarity with the security incident response lifecycle and handling of investigations
- Firsthand experience with the regulations or frameworks: SOC 1, SOC 2, ISO 27000 series, GDPR and relevant data privacy regulations, NIST, COBIT, PCI, Sarbanes-Oxley, HIPAA
- CISSP, SANS certifications, technology certifications and other security certifications is a plus.
