We are seeking an experienced information security leader to join as the Director, Information Security. Reporting to the VP Technology, you will be responsible for understanding the business and supporting the overall business strategy, establishing the security strategy, prioritization of security related initiatives, and alignment of investment to mitigate our information security risk. You will create trust and credibility by building a track record of delivering high quality, standardized security solutions on time and within budget.
You and your team will be responsible for managing data and information risks related to product development, technology solutions, vendors, crisis management and regulatory compliance. You will direct the adoption and implementation of a cloud security risk framework, policies and procedures, and ensure appropriate compliance. You will manage cyber threat analysis activities and guide the development of the information security technical architecture and security standards, controls, procedures and guidelines, applications, and vendors.
You are an articulate and persuasive leader with a passion for building innovative, scalable, pragmatic, and business focused security programs. With experience in SaaS security and DevSecOps, you will be informed on security and technology trends that will help support the success of Hootsuite’s global cloud business.
Key Responsibilities Include:
Make information security accessible and relevant in Hootsuite’s fast-paced environment.
Define and deliver the Information Security and Data Privacy Protection Strategy and Roadmap.
Define Information Security policies, standards, plans, and guidelines consistent with corporate security objectives, generally accepted and leading-edge Information Security practices, frameworks, and professional security standards. Communicate policies and procedures to all personnel and ensure appropriate compliance.
Inform and facilitate management in exercising appropriate information security governance and risk management to ensure the confidentiality, integrity, and availability of Hootsuite’s digital assets. Communicate best practices and risks to all parts of the business.
Direct and approve Hootsuite’s information security architecture, and design of security systems. Oversee identity and access management.
Ensure compliance with the relevant laws and applicable regulations. Manage internal and external audits for all compliance related activities.
Build effective relationships and communications with the business functions, internal technology, and product development teams.
Develop and deliver general information security, risk management, privacy awareness and secure software development education programs.
Stays abreast of industry trends in information security, legal, data protection, privacy, regulatory, technological developments, Hootsuite's areas of business and consult with internal and external stakeholders accordingly.
Manage security incidents and events to protect company assets, including intellectual property, regulated data and brand reputation. Review investigations after breaches or incidents, including impact analysis and recommendations. Manage electronic discovery and digital forensic investigations.
Assist with the development and monitoring of disaster recovery and business continuity plans, ensuring they are in place and regularly tested. (Whoot! Disasters!)
Manage all teams, employees, contractors and vendors involved in information security. This includes hiring, training, staff development, and performance management.
Professional experience & qualifications:
You are an experienced senior information security leader from the SaaS sector. You have significant experience building highly scalable software systems, applications and platforms being developed for enterprise customers.
10+ years of proven experience and demonstrated success in technology leadership with emphasis on SaaS information security. Experience building, leading and motivating information security teams. Leads by example with strategic thinking and a focus on execution.
Strong oral and written communication skills with ability to understand technology sufficiently to clearly communicate the complexity in simple terms for key stakeholders.
Knowledge and understanding of relevant legal and regulatory requirements.
Results orientation with proven ability to set clear and measurable expectations, mobilize and energize complex cross-functional teams to implement creative out of the box solutions.
Proven ability to work with competing resources, budget limitations, and strong conflict management and problem solving skills.
Ability to present information in a variety of different formats and influences all levels of the organization, including executives.
Demonstrated leadership skills with the ability to develop individuals to their optimal potential.
Strong bias toward customer service and improving the overall customer experience.
Well versed in information security industry best practices on cloud based environments. CISSP, CRISC or CISM certification a plus.
Ability to acquire both Canadian and/or U.S. Government security clearances.
An undergraduate degree or postgraduate degree in Computer Science, Software Engineering, or Electronic Engineering.
Hootsuite is an inclusive employer. Every effort will be made to provide accommodations requested by candidates taking part in all aspects of the selection process.
Additional Salary Information: Plus 25% annual bonus
Hootsuite is the most widely used social media management platform. We have 15+ million customers and are recognized as a leader in social media management by Forrester, one of the most influential research and advisory firms in the world. Our battle-tested technology, extensive ecosystem, and social DNA help organizations create human connections at scale. Launched in 2008, Hootsuite has close to 1,000 employees spread out across Vancouver, Toronto, San Francisco, London, Singapore, Bucharest and other locations.