Information Security Director
PRODUCT ENGINEERING – MANAGEMENT
The Information Security Director will be responsible for helping protect the confidentiality, integrity, and availability (Security) of Sonatype’s information assets and IT resources, as well as the adherence to laws and contractual obligations regarding information processing critical to its mission. This position plays a material role in protecting these assets from events that may have a significant negative impact to the company and its customers. The Security Director will lead efforts to improve security awareness, manage security initiatives, develop and maintain security policies, and develop process orchestration and automation.
We’re looking for someone who is:
- A subject matter expert in Information Security; deep technical understanding of security vulnerabilities and risks, as well as countermeasures and compensating controls.
- Self-motivated problem solver with a desire to identify issues and formulate solutions that reduce risk and align with organizational strategies.
- A great communicator, capable of speaking with executives, business, and technical audiences effectively.
- An effective collaborator, able to partner with and work cross-functionally.
- Capable of influencing prioritization and action on security-related objectives.
- Capable of recruiting, building, and managing a team.
As an Information Security Director you will:
- Build the vision, priorities, and information security requirements and plans.
- Assess, revise, and/or develop standards, policies, and methodologies that support efficient security operations in an Agile, DevSecOps environment.
- Develop and maintain Business Continuity and Disaster Recovery plans and coordinate periodic testing of those plans.
- Manage information security initiatives including security assessments, improvements, incident response, and vendor or service provider relationships.
- Collaborate with Business Partners and work cross-functionally with departmental team members to prioritize objectives and implement solutions.
- Support customer and audit requests, as needed.
- Create, maintain and report metrics on all security domains. Perform root cause analysis, recommend, and implement continuous improvement process opportunities based on the results of such metrics.
- Create appropriate alerts, reports and dashboards to protect corporate and production systems.
- Lead and manage the information security function (design the function; recruit, onboard, mentor, and manage members).
- Minimum 10 years of related work experience.
- Must have a Bachelor degree in Computer Science or a related field.
- Security-focused certifications preferred (CISSP, Cyber Security Analyst or similar certificate).
- Experience with cyber intelligence gathering, processing, and indicators of compromise (IOC) development.
- Proficient in risk assessment and analysis methodologies, IT-related laws and compliance mandates, security frameworks and methodologies, incident management, and project management principles.
- Proficient in developing use cases, evaluating alternative solutions, cost justification, recommended solutions, and comprehensive deployment plans.
- Strong analytical, problem solving and conceptual skills to identify and deliver high performing solutions.
- Strong verbal and written communication skills, with an ability to express complex technical concepts in understandable business terms.
- Experience attaining ISO 27001 1/2 certification or similar standard, preferably with Cloud-based applications (AWS), highly desirable.
We are 300 employees from diverse backgrounds, that hail from 50 countries, and speak 15 languages. But, we all share one thing in common: we’re passionate about accelerating software innovation. Our vision is to put Nexus products at the center of every open source decision made by modern engineering organizations. We’re one of the fastest growing tech companies in America and have been named both a Deloitte Fast 500 and Inc. 5000 company three years in a row. We’re backed by world class investors including TPG, Goldman Sachs, Accel Partners, and HWVP.
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.