Vice President, Information Security
Be part of an innovative organization by joining one of the country’s fastest growing startups that is reshaping the supply chain industry, and was identified as FreightWaves top 100 in 2020.
As FourKites’ Vice President, Information Security, you will be responsible for creating and managing a global, enterprise wide security program to ensure that our information assets are adequately protected. Reporting directly to our Chief Technology Officer, you will create strategy, policies and frameworks as they relate to application security, infrastructure security, compliance and security operations.
Responsibilities
- Serve as cybersecurity risk and subject matter expert and advisor for senior management on emerging threats, attacks, vulnerabilities and security concerns
- Cyber risk and cyber intelligence: Be aware of the developing security threats, and help the board understand the potential security problems that might arise from acquisitions or other big business moves.
Legal & Compliance
- Experience with compliance to frameworks such as SOC-2 Type 2, CCPA, GDPR and ISO/IEC 27001 and such programs.
- Contract reviews. Creation of customer facing security collateral, respond to customer’s security related questions, support sales and other customer facing teams.
Application, Infrastructure and Data Security
- Data protection is of utmost importance. Ensure compliance with data privacy, use and sharing. Ensure data access is highly controlled and is for permitted use.
- Champion secure multi-tenant SaaS architecture practices. Develop threat models and engage in ongoing development discussions on secure architecture.
- Develop a world class security team with an agile, nimble and secure mindset.
- Work with the global engineering team to ensure alignment between security and development practices. Operationalize a security tool stack and secure SDLC.
- Ensure ongoing penetration testing with existing and new product launches.
Security Operations
- Threat monitoring and response to security threats emanating from external or internal factors.
- Security Incident Management.
- Direct Corporate IT Security and secure computing in the workplace.
Qualifications
- Bachelor’s degree in Computer Science or similar technical field, Masters preferred.
- Professional certification in security or risk management such as CISSP and CISM
- 12+ years of proven IT security experience with 4+ years in a senior leadership role
- Prefer someone with a technical background through application or infrastructure vs. compliance and program management.
- Experience with software/SaaS multi-tenant products is a huge plus.
- Ability to lead and motivate cross-functional teams while thriving in a fast-paced growing company
- Experience in identifying security issues and risks, and developing mitigation plans
- Designing, implementing, and enforcing security programs
- Excellent communication, interpersonal and leadership skills, able to communicate security concepts to both technical and nontechnical audience
- We are looking for a critical thinker, with strong problem-solving skills. Someone who can build an awesome security function, which drives action through strong advocacy and importance of security vs. being a security cop!
- We have a globally distributed client base and engineering team. Experience working with and embracing the global nature of our business is imperative.
- Ability to have fun, kick back and inspire!
Technical Experience
- Firewalls, intrusion detection software and network authorization configurations. Experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
- Experience in scripting / programming experience such as Ruby, Python, Shell/BASH etc.
- 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, threat modeling, pen tests, or vulnerability assessments
- Understanding of data security at rest and in motion, data entitlement, data privacy controls, data audibility, data expiration and data sharing, Identity & Access Management, SaaS Models, Identity Federation etc.
FourKites is the largest predictive supply chain visibility platform, delivering real-time visibility and predictive analytics for the broadest network of Global 1000 companies and third-party logistics firms. Using a proprietary algorithm to calculate shipment arrival times, FourKites enables customers to lower operating costs, improve on-time performance and strengthen end-customer relationships. With a network of more than four million GPS/ELD devices, FourKites covers all modes, including truckload, LTL, ocean, rail, intermodal, last mile and parcel. The platform is optimized for mobile and equipped with market-leading end-to-end security.
If you are a California resident, here is our California Applicant Privacy Notice.