Director, Information Security and Deputy CISO
We are in search of a creative and driven security leader to oversee our Information Security group. The InfoSec group is an ambitious, diligent, highly motivated group working together on an important and complex mission; improving the security posture of Paylocity by keeping our customers and employees safe from real world information security threats. We are looking for someone with passion for security, technology, product, engineering, and the knowledge that it begins with people and teams.
In this cross-functional role, you will lead numerous programs including (but not limited to) driving key information security priorities, governance, and vulnerability & threat assessment. You will be responsible for managing the reporting, investigation, and resolution of data security incidents. You will also provide guidance and direction on best practices for the protection of data and information and ensuring compliance with regulations and privacy laws.
The ideal candidate is a strong operational leader, curious partner, critical thinker, consensus builder, people motivator, and has a strong rapport with engineering. They have the ability to lead cross functionally, integrating people and processes, to position Paylocity as the most secure platform in the industry.
Are you the teammate we are looking for?
Who you are:
- Comfortable working at all levels of the organization
- Passionate about information security and technology
- Both a doer and a leader who can operate at a granular level on information security matters, who gets into the details, and who can work across high levels in the organization
- Relentlessly curious about current market, technology, and cyber security trends; able to adapt accordingly
- A superior communicator with an affinity for change and transformation
- Unflinching in your desire to build and operate a world class information security team
- Highly emotionally intelligent, possessing the ability to adjust style to meet the needs of the audience
How we work:
- Dedicated Security and Tech Operations experts committed to cutting-edge infrastructure and tools
- Smaller, self-sufficient teams with an entrepreneurial spirit driven by results
- Casual, collaborative, agile environment which embraces and operates under our shared principles
- Complete transparency with open, honest discussions about our progress
- Close working relationship between executive stakeholders and both our technology and security teams
What we offer:
- Lean enabling process that focuses on putting our product, technology, and information security teams in the best position to succeed together
- A commitment to investing in our people, products and technology; hiring the best talent, and giving them the chance to meaningfully contribute to a vast market opportunity
Education & Experience:
- Bachelor’s degree
- 10+ years leading and coaching teams to their highest potential in a fast-paced agile environment
- 5+ years of experience identifying and remediating information security risks as part of a vulnerability assessment and remediation programs in a technology company
- Knowledge of security standards / frameworks, i.e., ISO 27001, SSAE-18, NIST, etc.
- Knowledge of applicable laws and regulations, e.g., HIPAA, SOX, GLBA, etc.
- Successful track record of helping to implement security initiatives and frameworks in a flexible, non-dogmatic manner
- Ability to understand technical issues teams typically face and act as a player/coach for blocker removal
- Collaborative approach to decision-making, ability to influence without direct line of reporting
During the last three months you would have:
- Demonstrated a high sense of urgency with strong pragmatic problem-solving skills and the ability to identify, analyze, and resolve problems
- Developed/executed roadmaps for all high priority InfoSec initiatives, and lead cross-functional execution to drive initiatives to completion
- Worked with the CISO to manage information security and governance activities
- Represented the company in discussions with auditors and regulators
- Coached individual leaders at multiple levels able to demonstrate tangible results
- Achieved objectives by contributing information and recommendations to strategic plans, identifying trends and driving changes
- Built relationships with stakeholders across all levels and departments