UserTesting’s first Director, Product Security & Chief Information Security Officer, or CISO, will lead the security team and will be responsible for all aspects of Information Security across UserTesting including data privacy & security policies, and strategic prioritization and funding of security initiatives. You will lead development, implementation and maintenance of information security infrastructure and processes that align with UserTesting’s security and data privacy needs.
- Lead UserTesting Information Security, including Security Engineering, data privacy and compliance
- Work hand-in-hand with leaders in Engineering, Product, Legal, Finance and IT teams to create a Security & Privacy culture and to constantly improve the security and privacy of company, employee and customer data
- Ensure that all security monitoring systems and processes are functional and effective
- Build collaborative relationships with key business partners
- Actively participate in UserTesting’s software development lifecycle to ensure that developers are trained in and are following secure coding practices as well as privacy-by-design standards
- Monitor changes in industry-relevant legislation and accreditation
- Maintain and enhance UserTesting’s Security Incident Response Plan, test the effectiveness of the program and coordinate incident response across the company
- Align with and report in a dotted-line style to UserTesting’s legal function and Audit, Risk and Compliance Committee chair of UserTesting’s Board of Directors
- Co-lead UserTesting’s Enterprise Risk Management program, as well as UserTesting’s General Data Protection Regulation (GDPR) and upcoming California Consumer Privacy Act (CCPA) efforts
- Drive UserTesting’s SOC2, PCI and SOX Information Technology General Controls (ITGC) implementations as well as other certifications that meet our needs
- Present ongoing updates and analysis to the Audit, Risk and Compliance Committee of UserTesting’s Board of Directors
What it takes to catch our eye:
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
- Experience as a hands-on information security professional who is able to technically lead and implement a strategic plan at the same time
- Experience implementing and maintaining SOC2, SOX and ITGC compliant systems
- Ability to create and execute against an information security and privacy vision by forging partnerships and leading by example
- Software-as-a-Service background is a must-have
How to really knock our socks off:
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM)
- Experienced leader who has successfully built security programs in online marketplaces or in cloud-based, fast-paced public companies and/or higher-profile organizations
- Hands-on leadership style (a “player/coach”) with technical experience solving security challenges
- Demonstrated ability to effectively communicate complex security technology matters in an easy-to-understand manner to executives, teams and individual contributors across the organization
UserTesting is proudly committed to recruiting and retaining a diverse and inclusive workforce. As an Equal Opportunity Employer, we never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.