Director of Information

About the Job:

Our growing organization is looking for an expert and enthusiastic Director of Information Security to help develop and refine Sama Information Security's strategic roadmap, operational procedures and reporting across our information security governance, risk, and compliance work. This role will collaborate cross-functionally to ensure we are within compliance with our customers and 3rd party requirements (i.e. InfoSec, ISO, PII) as well as local, and international information security, privacy measures and business requirements (e.g.. GDPR, DP, TISAX).

You will advocate for the protection of our users’ data; evangelize data privacy and security best practices; establish and operate global information security programs. The role is also responsible for interactions with customers and prospects in addressing security and compliance questions and will be the face of Sama’s Information Security program and practices to external stakeholders.

The ideal candidate is a hands-on leader who can think strategically and carry company-wide initiatives from definition through implementation in collaboration with internal teams across Sama and externally with our customers. You will be the person who is responsible for assessing the regulatory environment in which we do business—as well as the security needs of our customers—and working with functional leads to establish programs that ensure we are compliant and protected.

If you have a proven background in managing projects and improving processes in the audit or GRC space and building strong teams and relationships while doing it, we’d love to hear from you!

Key Responsibilities:

Create and maintain the strategic plan and roadmap for Sama governance, risk management, and compliance for information security.

Monitor continuous improvement of policies, procedures, and technology (including automation) related to security and compliance to enable risk reduction, business enablement and operational efficiencies

Independently assess compliance, security, privacy, legal and business risks and advise the management team accordingly

Manage internal and external security audits in collaboration with cross-functional teams

Lead BCP and Incident Response initiatives

Identify and classify Sama’s Information assets with respect to their sensitivity and criticality to the business across all functions and departments

Interact with the Sales Team for contract review and completion of customer security questionnaires and audits with a high level of customer service and responsiveness

Establish trusted relationships with business stakeholders across a geographically distributed team to foster continuous improvement and change management in compliance practices

In collaboration with Product/R&D, establish standards and workflows that ensure our product development teams are building and maintaining secure, compliant software systems

Led development of security and compliance KPIs and metrics to track program effectiveness

Maintain and mature comprehensive security awareness and training programs

Interact with industry experts and stay abreast of best practices in the security and compliance space to maintain technical expertise and apply these practices to Sama business challenges

Willingness to participate in global conference calls and meetings outside of normal business hours to facilitate global business

Minimum Qualifications:

Bachelor’s degree in a related field

8+ years of related experience; 2-3 years of leading/managing teams

Prior experience establishing and maintaining InfoSec programs, compliance and other programs for regulations or certifications such as ISO, GDPR, SOC2, TISAX etc.

Global Privacy experience and knowledge is an added advantage (EU, US, APAC ideally)

One or more industry certificates e.g. CISSP, CISA, CISM, CRISC, CIPP, PMP, PRINCE2

Strong project management skills with the ability to manage and coordinate multiple projects and prioritize work in a fast-paced atmosphere with minimal supervision

Preferred Qualifications:

Experience implementing and maturing security programs in a fast-paced start-up/emerging growth environment

Prior experience with B2B SaaS products, enterprise application

Capable of thinking independently and creatively to analyze situations and potential repercussions and communicate and execute the necessary steps to solve problems

A self-starter with the ability to work independently and as part of a team displays a cooperative work style

Ability to interact effectively with employees at all levels of the organization

Excellent communication skills (verbal, written and interpersonal) with the ability to present clear, well-thought-out recommendations

Attention to detail and accuracy

Ability to discreetly handle highly confidential and proprietary information

Ability to deal with ambiguity effectively