MeridianLink is hiring a
Remote Chief Information Security Officer #1643
The Chief Information Security Officer will lead MeridianLink's information security functions. This position provides leadership and oversight for MeridianLink's security program. The role is responsible for both IT security operations and information security compliance, with a focus on MeridianLink's product security architecture and SaaS security operations.

The position will work with peers in Engineering, Enterprise Architects and the Product Owners to provide technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Key Responsibilities

Management and Leadership

• Technical experience to lead on architectural and technical security by design
• Develop strong working relationships with technology and business partners across multiple locations in support of security, compliance, and audits for the organization.
• Provide strong positive and collaborative leadership to executive teams, other departments such as engineering, product management, legal, support, and IT. Also, lead and manage Information Security teams composed of internal and external resources
• Take initiative to identify gaps and changes required to address security threats and compliance with products.
• Present risk information to executives and advise on remediations.

Information Security

• Responsible for the review and certification of all backup and disaster recovery plans
• Oversee the secure development, design and implementation of new applications and changes to MeridianLink SaaS applications
• Direct and manage computing and information security plans, policies, programs and project schedules
• Continue to build and enhance secure application design and development policies and practices
• Partner with IT to ensure that the technical and security needs of internal systems and services are met
• Develop and maintain security policies and procedures including, but not limited to, incident response plans, business continuity plans, etc.
• Lead the implementation and operation of security services such as vulnerability assessment, threat monitoring and incident response
• Oversee security design and architecture including IaaS and PaaS cloud migrations
• Lead vulnerability, change, and configuration management for applications and infrastructure
• Oversee administration of security services, including antivirus, IDS/IPS, data loss prevention, and security monitoring.
• Customer facing responsibilities, such as pre-sales, facilitating due diligence requests, RFPs, and customer security concerns
• First line incident response and support for remediation
• Provide Identity and Access management solutions to ensure appropriate access to sensitive data
• Monitor the SDLC and ensure that coding is done with secure best practices (OWASP framework or equivalent) including modern deployment methods such as CI/CD pipelines

Security Assessments and Audit Management

• Experience leading red/blue security teams.
• Conduct application assessments (design reviews and pen tests) and lead implementation of associated application security technologies
• Perform risk assessments on new technologies or discovered vulnerabilities

Information Security Awareness

• Implement organization-wide security awareness initiatives and provide timely information to employees and leadership regarding new and emerging threats
• Collaborate with all teams to communicate and enforce security controls

Legal and Governance

• Develop and maintain processes, policies, and technical controls in support of certifications programs and continual compliance with ISO/IEC 27001/2, SOC 1, SOC 2, and other applicable international privacy regulations.
• Continuously monitor security controls for all IT Security frameworks
• Oversee customer Information Security audits

Qualifications

Education & Experience

Bachelor's degree in a relevant field or equivalent years of experience is required. Equivalent years of experience are determined as one year of technical experience for every year of college requested.

• Minimum 10 years of experience in Enterprise Information and Product Cyber security
• Strong knowledge of Secure Development Lifecycle and CI/CD automation tools (TF, Git, Jenkins)
• Knowledge of regulatory and standards-based compliance related to cloud and mobile applications, and data confidentiality (e.g., GDPR, FEDRAMP/FISMA, SOC 2, and ISO 27001, etc.)
• Experience with the application of risk identification and evaluation techniques
• Advanced knowledge of Cyber Security and full knowledge of multiple (full-stack) related engineering functions
• Preferred experience with securing cloud architectures (Azure/AWS) and/or Kubernetes
• Preferred experience leading red/blue security teams and working with engineering teams to remediate findings

Skills/Certifications

Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) are required
Experience with Financial services or Software-as-a-Service (SaaS) companies

MeridianLink has a wonderful culture where people value the work they do and appreciate each other for their contributions. We develop our employees so they can grow professionally by preferring to promote from within. We have an open-door policy with direct access to executives; we want to hear your ideas and what you think. Our company believes that to be productive in the long term, we must have a genuine work-life balance. We understand that employees have families and full lives outside of the office. To that end, we honor their personal commitments.

MeridianLink is an Equal Opportunity Employer. We do not discriminate based on race, religion, color, sex, age, national origin, disability, or any other characteristic protected by applicable law.

MeridianLink runs a comprehensive background check, credit check, and drug test as part of our offer process.

Salary range of $269,600 to 346,100. [It is not typical for offers to be made at or near the top of the range.] The actual salary will be determined based on experience and other job-related factors permitted by law including geographical location.

MeridianLink offers:
Potential For Equity-Based Awards
Insurance coverage (medical, dental, vision, life, and disability)
Flexible paid time off
Paid holidays
401(k) plan with company match
Remote work

All compensation and benefits are subject to the terms and conditions of the underlying plans or programs, as applicable and as may be amended, terminated, or superseded from time to time.

#Salary and compensation
No salary data was published by the company, so we estimated the salary based on similar jobs related to Design, SaaS, Cloud and Mobile:

$55,000 — $87,500/year

#Benefits
• 401(k)
• Distributed team
• Async
• Vision insurance
• Dental insurance
• Medical insurance
• Unlimited vacation
• Paid time off
• 4 day workweek
• 401k matching
• Company retreats
• Coworking budget
• Learning budget
• Free gym membership
• Mental wellness budget
• Home office budget
• Pay in crypto
• Pseudonymous
• Profit sharing
• Equity compensation
• No whiteboard interview
• No monitoring system
• No politics at work
• We hire old (and young)

#Location
United States