Windmill
We design & build digital product experiences which delight.
Experience Design • Product Discovery • Design Sprints • Enterprise Engineering • Digital strategy
201 - 500
Chief Information Security Officer
August 19, 2023
🏡 Remote – Anywhere in California
Windmill
We design & build digital product experiences which delight.
Experience Design • Product Discovery • Design Sprints • Enterprise Engineering • Digital strategy
201 - 500
Description
• As Windmill Digital's CISO, you'll play a pivotal role in guiding our information security and data privacy initiatives. We seek a seasoned professional to leverage their extensive knowledge and hands-on expertise to fortify our cybersecurity posture, aligning with our growth trajectory. • Security Architecture & Strategy: Design and develop a holistic information security and data privacy program, scaling with company growth. Formulate best practices and set security standards, while preparing and documenting SOPs and protocols. Spearhead security assessment processes, encompassing penetration testing, vulnerability management, and secure software development. Expand security tooling and automation efforts across the organization. • Threat Management & Mitigation: Proactively spot security issues and threats, devising robust processes and systems to safeguard against them. Steer compliance endeavors, including external audits, regulatory compliance initiatives, and overarching security evaluations. Convey infosec and data privacy operational goals, relaying their impact to stakeholders. • Stakeholder & External Communication: Engage with outside stakeholders, encompassing customers, partners, compliance bodies, and other legal/regulatory authorities. Deliver strategic risk guidance, evaluating and suggesting technical standards and controls. Set in place a robust incident management process.
Requirements
• 5 to 8 years of proven information security management experience. • Bachelor’s degree in Computer Science, Cybersecurity, or related fields. • Certifications like CISSP and/or CISA are preferred. • Expertise in compliance, especially in frameworks such as COBIT, ITIL, ISO27001/2, NIST, and SOC2. • Hands-on experience in security assessment, cloud architecture, threat modeling, and policy drafting. • In-depth comprehension of Secure SDLC, DevSecOps, or security automation. • Ability to communicate effectively with external Data Privacy and Info Sec representatives. • Knowledge of key legislations like HIPAA, SOX, PCI, and GDPR. • ISO27001 auditor or implementer experience can be additional plus
Benefits
• A flexible work culture, emphasizing autonomy over when and where you work. • Competitive remuneration and perks. • An inclusive environment fostering diversity and international collaboration. • Engaging tasks with opportunities for career growth. • Periodic performance reviews, synchronized with promotional cycles.
Apply Now
