Chief Security Officer Zuora
THIS JOB HAS EXPIRED

Zuora is the hottest SaaS company in Silicon Valley. We were built to change the way people do business and fuel the Subscription Economy. Since our founding in 2007 we have defined the Subscription Economy, raised over $130M in funding from top tier investors and become one of the fastest growing SaaS companies in Silicon Valley. And oh yeah, we've built a killer product too.
Here at Zuora we believe that in order to build a killer product you have to have a killer team. Zuora is chock-full of game changers, innovators, and leaders who want to be part of the next wave of successful tech companies. Sound like a place for you?
This is your chance to get in on the ground floor with a pre-IPO company that is poised for success and set on a trajectory for massive growth. To be frank, now is a pretty exciting time to be here.
Join the Subscription Generation today.
The Chief Security Officer (CSO) is responsible and accountable for the organization's entire security posture, both physical and digital, in keeping with the mission of safeguarding the company data, customers, staff and businesses. The position requires a visionary leader with strong skills in information security, technology and business management.
Work closely with corporate executives, business managers, audit and legal counsel to understand corporate requirements related to security and regulatory compliance, and to map those requirements to current security projects.
Builds and sustains a professional, capable security organization able to keep pace with a rapidly evolving and demanding regulatory environment, a more sophisticated and diverse threat profile and the extent of the company's business change agenda
Oversee and coordinate security efforts across the company, including information technology, technical operations, engineering, human resources, product, legal, facilities management and other groups
Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed
Establish and monitor formal certification programs regarding enterprise security standards relating to the planned acquisition and/or procurement of new applications or technologies.
Champions and enhances awareness of the enterprise-wide governance, risk, and compliance (GRC) program, including security policies and standards
Serves as an independent and objective central point for all security-related issues that affect business-line level security profile and its short- and long-term strategic plans
Balances the protection of the enterprise with the need to create operationally effective and efficient processes for our customers.
Meets financial requirements by submitting information for budgets, monitoring, and expenses pertaining to the information security program.
Maintain processes, policies, and procedures in continual compliance with PCI Level 1, SSAE16, US-EU Data Protection Directive and other applicable legal, regulatory, and business requirements
Manage all threats, risks, and vulnerabilities applicable to the business, including evaluating the current state and establishing sufficient mitigation strategies and plans
Maintains and leverages relationships with U.S. local, state and federal law enforcement, other related government agencies and foreign agencies as required to support Zuora's business, domestic and international
Provide subject matter expertise to executive management on a broad range of information security standards such as PCI, ISO 27001, CobiT and ITIL.
Provide thought leadership, define security strategy, and facilitate best practices that enable Zuora to leverage advanced security technologies.
Provide strategic and tactical security guidance for all projects, including the evaluation and recommendation of technical controls.
Establish standards for secure application development, including oversight and management of all pertinent security requirements, security testing, and security audits
Assist in the review of applications and/or technology environments during the development or acquisitions process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process
Monitor and advise on information security issues related to the systems, processes and product workflow to ensure the internal security controls for the company are appropriate and operating as intended.
Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Establish and promote standards and processes for global information security incident response.
Collaborate with internal and external stakeholders, such as management, legal, safety and security, and law enforcement agencies to manage security vulnerabilities, threats, and risks.
Establish, manage and maintain a comprehensive global security awareness program
Eight+ years of progressive experience in computing and information security, including experience with Internet technology, security, and payments in an enterprise environment.
Experience with security policy development, security education, web application security, network security, network penetration testing, application vulnerability assessments, risk analysis and compliance management as well as a CISSP is required.
CISA, CISM, GIAC, and other security certifications highly desirable.
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA, etc.) and security standards and policies is a must.
Must have strong analytical, consultative and problem solving skills and be a strong communicator (oral, written, presentation).
BA or BS in Computer Science, Management Information Systems, or related field.
Foster City, CA