Job Description
Technical Director of Security
Location: Remote
About Us
Our mission at Wrapbook is to increase the prosperity of the project economy. A significant shift has occurred within the workforce recently and 50M Americans are now engaged in freelance or project-based work. The popularity of project-based employment has introduced flexibility for both employers and employees but also added complexities from a compensation and administrative standpoint. Our vertical fintech platform enables companies to seamlessly onboard, pay and insure their workforces.
We’re building the best product for the entertainment industry, a 50B market, and have big goals we want to achieve. With over 130M USD raised from Tiger Global Management, Andreessen Horowitz, Equal Ventures, Uncork Capital, Jeffrey Katzenberg and CAA co-founder Michael Ovitz, we are at an exciting stage of growth and there isn’t a better time to join!
The Opportunity
Wrapbook is seeking a Technical Director of Security to join our team. This person will provide technical and business leadership across the security space including cloud security, application security, identity and access management, security operations, and security compliance to protect and enable our business. This leader will develop an in-depth technical understanding of our applications and systems to direct security and engineering teams, participating in architecture design and integration strategy as needed. In partnership with leadership, they will develop and implement a comprehensive security mission, vision, and strategy covering cloud, application, and infrastructure security that is balanced with the risk appetite of the business and the nuanced needs of our industry. They should be able to design and articulate complex technical challenges and solutions effectively to stakeholders at all levels, including executive-level management. They should expect to oversee and manage the overall security program at Wrapbook.
- Evolve the security organization and program at Wrapbook.
- Develop and lead team to deliver on an annual roadmap for Security
- Define and lead security engineering and operations at Wrapbook. This role will develop and apply security incident response plans, be a key leader in coordinating security incident response, and act as the final escalation point for technical and security incidents as needed.
- Must deeply understand the solutions implemented by our security engineers and be able to jump in and work alongside our security engineers to provide technical guidance, get projects across the finish line, troubleshoot implementations, or respond to incidents, up to and including hands-on work such as reviewing code and configuring systems as needed.
- Advise the executive team on security implications of business decisions and risk management approaches. This includes the ability to quantify and articulate critical business tradeoffs as they relate to varying levels of security risk.
- Develop and manage the security budget forecast and expenses across categories (e.g., services, software); develop a view on appropriate ROI for security spend and track and report on it as a metric.
- Provide security leadership in the planning and testing of business continuity and disaster recovery efforts.
- Design and apply an appropriate security risk model to our business. Proactively understand business short- and long-term needs and align security org objectives to those needs.
- Define and manage security projects and programs
- Develop a cohesive strategy around prioritizing and implementing applicable security controls and tools
- Provide technical leadership and guidance on the design and implementation of cloud, application, and platform security solutions, investigate security incidents, and coordinate incident response efforts.
- Lead team to deliver on security testing, including threat modeling, risk assessment, vulnerability management, SAST and DAST, and penetration testing and drive remediation accountability and ownership with relevant stakeholders.
- Lead security projects to implement appropriate security controls to ensure Wrapbook has high availability, confidentiality, and integrity service levels and is able to achieve industry certifications such as SOC.
- Maintain a pulse on threat landscapes as relevant to our business and industry; provide direction to the business on prioritizing threat management.
- Direct the Governance, Risk, and Compliance space to deliver on security risk programs including assessments, tracking, and monitoring activities
- Take a data-driven approach to delivering results
- Collaborate closely with product and engineering to implement security-by-design in our product development lifecycle. Able to provide technical subject expertise at all levels – from guidance and input into the technical design to product and engineering roadmaps to ensure compliance with regulatory standards.
- Establish and communicate a data-driven prioritization framework to ensure security engineering and resources are allocated in a way that best supports business near-term needs and long-term goals in a balanced manner
- Design and report on security project metrics and impact on business metrics at various forums, helping stakeholders at all levels understand impact of security work and a mutual definition of security health at Wrapbook.
- Build systems, practices and policies that comply with important security standards, such as SOC2, ISO27001 and/or the NIST Cybersecurity Framework. Prioritize which industry frameworks to align our security practices with.
- Foster a security-minded internal culture.
- Establish strong mechanisms for collaboration and build relationships with cross-functional partners and departments as part of scaling the effectiveness of security at Wrapbook, especially with our Privacy, Fraud, Legal, Support, and Engineering leaders.
- Maintain and evolve effective security and compliance internal training
- Proactively educate internal and external stakeholders on security threats, vulnerabilities, and best practices
- Partner with marketing and sales to craft and communicate our security narrative as a high value/high impact customer benefit and differentiator.
- Lead security policy development and enablement to ensure the confidentiality, integrity, and availability of systems and data.
- Inspire and grow our security talent and internal teams.
- Internally champion the security narrative and alignment with business objectives with cross functional teams.
- Help the security team continuously align their projects and objectives to changes in relevant business needs. Educate and inspire the security team and the broader organization to uphold ownership over our security posture.
- Develop and grow our security talent in their careers
- Manage third party relationships
- Customer and prospect relationships: you will be the primary POC representing Wrapbook’s leadership in information security-related conversations with customers and prospects.
- Security service provider relationships: you and your team own and manage vendor relationships and scope of work with third-party providers of security-related services we may contract, such as external penetration testing on behalf of Wrapbook.
- Other external relationships: you will be the primary POC representing Wrapbook’s leadership in information security-related conversations with other parties such as other third-party solutions we may integrate with (e.g., financial services, payment processors) and regulators as needed for partnership development or incident response.
Requirements
- 8+ years of relevant experience
- High integrity, accountability and ownership when it comes to solving security challenges or tackling opportunities.
- Strong knowledge of and experience in application, system, database and network security
- Strong research and analytical skills
- Must hold at least a CISSP information security and data protection certification; additional certifications (e.g., CISA, CRISC, CISM) are a bonus.
- Proven experience leading and managing technical and non-technical roles, including developing talent/direct reports and effectively managing service providers to produce deliverables.
- Deep understanding of and proven experience with ensuring security investments practically support the security principles of confidentiality, availability, and integrity for our business.
- Familiarity with the practical application of security and governance frameworks (e.g., NIST)
- Experience with complex project or program management
Nice to have
- Familiarity with Rails