Openly is hiring a Remote Senior Director Information Security
\nAs the Senior Director of Information Security, you will build our security structure from the ground up and establish our security footprint to fit the needs of a growing organization. You will do this by working closely with cross-functional teams to identify potential risks and develop strategies to mitigate them. You will establish security policies, procedures, and guidelines, and enable compliance throughout the organization. In this role, you will apply a risk-informed approach to security and compliance, enabling the business to operate in safe and secure ways.\n\n \n\nKey Responsibilities \n\nSecurity Strategy: \n\n\n* \n\n\n* Develop and execute a comprehensive information security strategy that aligns with the organization's business goals and objectives.\n\n* Collaborate closely with the VP of Engineering, VP of Legal and Compliance, IT Director, and CTO on security strategy\n\n* Provide oversight for security governance and risk management, including risk assessments, vulnerability management, and incident response planning.\n\n* Develop and implement an incident response plan, including detection, containment, mitigation, and recovery strategies.\n\n* Promote a culture of security awareness throughout the organization by conducting training sessions and awareness campaigns.\n\n* Provide regular updates and reports to senior management and stakeholders on the state of information security within the organization.\n\n\n\n\n\n\n\n\nPolicy and Compliance: \n\n\n\n\n* Establish and maintain information security policies, standards, and procedures in compliance with relevant industry regulations (e.g., GDPR, PCI DSS, state Insurance Data Security laws) and best practices.\n\n* Coordinate and oversee internal and external security audits, assessments, and penetration testing activities.\n\n* Evaluate and implement security technologies and solutions to protect the organization's assets.\n\n* Evaluate and manage security risks associated with third-party vendors and service providers.\n\n\n\n\n\n\n \n\nWhat Youโll Bring\n\nExperience\n\n\n\n\n* Experience establishing a security program from the ground up to fit growing business needs as an individual contributor and leader\n\n* Proven management abilities\n\n\n\n* Experience guiding and growing teams of teams, balancing security, compliance and engineering needs with the needs of the business.\n\n* Demonstrated ability to leverage resources and teams to deliver multiple projects from start to finish in reasonable overlapping time frames\n\n* Experience developing a strategy or roadmap for your teams\n\n\n\n\n\n\n\n\nTeamwork\n\n\n\n\n* Defaults to a collaborative mindset to work with multiple stakeholders to maximize our resources\n\n* No Egos - focuses on the best outcomes for the security, engineering, and IT teams and the company over ownership of any particular project, process, or people, demonstrating high engagement and low attachment\n\n* Passion for fostering DE&I to build effective, capable teams\n\n\n\n\n\n\nAccountability\n\n\n\n\n* Comfortable making decisions, owning and being accountable for results\n\n* A high level of comfort navigating and making decisions and recommendations in environments of ambiguity\n\n\n\n\n\n\nProblem-solving\n\n\n\n\n* Bias towards action over perfection\n\n* Ability to juggle both a long term investment approach and an iterative approach to address immediate needs while understanding long term implications. \n\n* When presented with a complex problem, process, or existing system, you can consistently reduce the complexity to get more done with less work.\n\n\n\n\n\n\nRequirements\n\n\n* Typically requires 10+ years of experience across management and security domains\n\n* Familiarity and willingness to work with Agile methodologies\n\n* Excellent written and verbal communication\n\n* CISSP, CISM, or other cybersecurity certifications preferred, but not required\n\n* Working knowledge of one or more public cloud technologies (AWS, Azure, Google Cloud) and information security in a hybrid cloud environment\n\n* Risk management experience\n\n* Familiarity with PCI Data Security Standards and other financial industry-accepted security standards and frameworks\n\n* Working knowledge of PAM, SIEM, SSO, WAF, endpoint detection, and email threat management technology\n\n* Proficient with network and application security tools and best practices\n\n\n\n\n\n#LI-CB1\n\nOur stack (for reference)\n\nWe do not expect competency in this stack to be successful, but awareness in security concerns associated is a plus: \n\n\n* Backend/Core: Go & Postgresql\n\n* Frontend: Browser-based, VueJS, Webpack, Nuxt &, Tailwind\n\n* Research/Data Science: R, ArcGIS, H2O, & Python\n\n* Infrastructure: Google Cloud, specifically Cloud Run, Cloud Build, and CloudSQL, managed with Terraform. We use GitHub for code hosting and CircleCI for running our CI/CD pipelines.\n\n* Remote work tools: Slack, Zoom\n\n\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Testing, Cloud, Senior, Legal and Non Tech jobs that are similar:\n\n
$50,000 — $80,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.
This job post is closed and the position is probably filled. Please do not apply. Work for Dfns and want to re-open this job? Use the edit link in the email when you posted the job!
๐ค Closed by robot after apply link errored w/ code 403 10 months ago
Terms\n\n\nTitle: Chief Technology Officer\n\nSalary: $200-300K / year (avg base range).\n\nEquity: 1.0-2.0% (โ $10-20M in the case of a $1 billion exit).\n\nLocation: Remote (North America or Europe preferred).\n\nBenefits: Health, dental, and vision insurance, 401k matching or similar, flexible PTO, sponsored transportation, gym, food, Apple devices, home office equipment, team retreats, and more.\n\n\n\nDescription\nYou will be leading an ambitious technology team that aims to build the leading wallet provider of the multi-trillion-dollar digital asset industry.\nYou will join a stellar team of leaders (CEO, COO, CPO, Chief Scientist) and experts (Software Engineers, Offensive Security Engineers, Cryptographers, Protocol Designers) in a highly challenging and collaborative environment. We are seeking an exceptional CTO with extensive experience in computer science, cybersecurity, cryptography, and blockchain/web3 to join our world-class team. You will lead the engineering team, set the technology strategy, and drive the development of our products to new heights. You will need to manage and collaborate with diverse teams spanning engineering, research, security and infrastructure, requiring both a solid technical background and excellent management skills. We are looking for a highly skilled engineering leader with proven ability to master the full SDLC, while remaining focused on high- level product vision and strategy, cross-team coordination, methodological guidance, workspace optimization and delivery process improvements.\nAs CTO, you will be responsible for driving the companyโs tech roadmap and spearheading the development of products. You will work closely with the CEO, CPO, and other senior executives to define and execute on the product vision and strategy. The ideal candidate has a keen eye for gaps in client product offerings and the innovative mindset to fill them. We expect you to act as a visionary and an avid evangelist of our technology. Additionally, it is important to understand that our CTO is the technical leader of a cybersecurity company and is expected to contribute proactively to the development and implementation of comprehensive, product- wide information security strategies. We expect you to ensure that our technical architecture and code design adhere to security best-practices and regulatory requirements, and to proactively mitigate any potential attack vectors. This includes strategic vision, scoping of requirements, design, development, implementation, incident response, budgeting and compliance to all necessary protocol, standard, regulation and legal requirements in collaboration with in-house and external counsel. You will be overseeing a range of technical and process security controls, as well as leading a program of continuous improvement in response to moving security threats. Ultimately, you must have the ability to co-lead the assessment of high-and-low-level security risks to prepare the company for any cyberattacks.\nResponsibilities\nYour primary goal will be to lead the engineering team towards building a delightful product that works well, ensure technical security, and align technology with overall business objectives.\nExample of a primary metric would beย Time to Market for New Products.\nYour day-to-day tasks will involve:\n\n\nShare the big picture with your team, define priorities within the technical roadmap, and be accountable for the deadlines and the quality of the code.\n\nAct as a powerhouse of ideas on all product and engineering issues.\n\nOwn and drive the software lifecycle from design to launch to ongoing availability.\n\nEnsure end-to-end feature implementation using Scrum and define the KPIs to follow.\n\nPay attention to developer experience quality and obsess over reducing maintenance friction, implementation time, error management time, and other aspects that deteriorate the programmability/buildability of the product.\n\nDetermine and manage the technology budget, ensuring that we are efficiently utilizing our resources to achieve our business objectives.\n\nWork with the executive board and engineering team to gain extensive, in-depth insights into the product and its risk vectors.\n\nParticipate in the risk committee as a voting member and act as the main reference for sensitive, high-risk technical decisions.\n\nReview security models, look out for weaknesses, report possible threats or software issues, and find solutions to counter or mitigate them.\n\nEducate and foster a security-first culture across the engineering team to enforce a zero weak link policy and enable everyone to be proactive.\n\nFoster a culture of innovation, accountability, and continuous improvement across the engineering team and the company.\n\nAuthor, review, and update internal and external documentation and code.\n\nFacilitate cross-team communication and know-how exchange between team members.\n\nParticipate in client calls to provide technical explanations and show consistency.\n\nInterview and onboard new hires, coach and manage a growing team.\n\nAttend weekly meetings to discuss strategy with the CEO and other team leaders.\n\nKeep abreast of the latest developments in crypto and research emerging technologies to nurture the companyโs strategic orientations and propose change.\n\n\n\nRequirements\n\n\nAt least 10 years of experience in software engineering, with a minimum of 3 years as a CTO or similar leadership role in a fast-paced and dynamic startup environment.\n\nProven work experience in blockchain and crypto industries.\n\nEngineering expertise and ability to challenge the reasoning of other engineers.\n\nSolid technical background with understanding of information security and cryptography.\n\nExcellent technical architecture knowledge and proven systems design expertise.\n\nIn-depth knowledge of agile methodologies, modern software development processes, and lean project management.\n\nStrong problem-solving and analytical skills, with the ability to think out of the box.\n\nThorough understanding of the latest information security principles and techniques.\n\nExtensive experience with GCP, AWS, Azure and/or other cloud environments.\n\nProven experience in testing secure, fault-tolerant, and resilient systems.\n\nExperience in building products in compliance to industry-wide security frameworks such as NIST, ISO, SOC, C4, and others.\n\nPast track record of recruiting and developing a high performing engineering team, namely in fast-scaling environments (e.g., from 20 to 100-200 engineers).\n\nExperienced working with remote teams across several time zones and knows well how to create great relationships and a strong work culture regardless of location.\n\nExcellent communication and interpersonal skills, with the ability to work effectively with cross-functional teams as diverse as cryptography, marketing and legal teams.\n\nFounding-spirited technologist with grit and guts to tackle complex problems.\n\nAbility to make reasonable, efficient decisions even in stressful, ambiguous situations.\n\nExcellent written and verbal communication skills.\n\nHumble, respectful, and very professional to others.\n\n Extensive coding skills, ideally in Typescript and/or Rust.\n\n Experience with public key cryptography and key management\n\n Hands-on experience and willingness to contribute to open source projects.\n\n Proven track record working on developer tools or cybersecurity software.\n\n Extensive knowledge about crypto wallets and associated use cases.\n\n Has already created or contributed to a decentralized app or protocol.\n\n\n\nProcess\n\n\nIntro call with COO (30mn).\n\nKnowledge and personality tests (async).\n\nFocus interview with hiring panel (90-120mn).\n\nFinal interview with hiring panel and CEO (60mn).\n\nSubmission for approval by the Board.\n\n\n\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Design, Crypto, Testing, Scrum, Cloud, Typescript, Senior, Marketing and Digital Nomad jobs that are similar:\n\n
$60,000 — $110,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
\n\n#Location\nWorldwide
# How do you apply?\n\nThis job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.