Head of Security
New York, NY, USA
Posted on Friday, November 10, 2023
Join our team at ASAPP, where we're developing transformative Vertical AI designed to improve customer experience. Recognized by Forbes AI 50, ASAPP designs generative AI solutions that transform the customer engagement practices of Fortune 500 companies. With our automation and simplified work processes, we empower people to reach their full potential and create exceptional experiences for everyone involved. Work with our team of talented researchers, engineers, scientists, and specialists to help solve some of the biggest and most complex problems the world is facing.
The Head of Security is responsible for bringing alignment with the rest of the technology stakeholders, interacting with customers and executing the vision to advance ASAPP as one of the trusted partners in Generative AI. You will lead the following critical functions: Security & Privacy Assurance, Security Engineering & Architecture, and our Information Technology Services group. These teams are internationally distributed and made up of engineers with diverse backgrounds including: AI/ML safety and security, privacy, industry frameworks and compliance, application security, infrastructure security, enterprise security, incident response, service desk operations, and endpoint engineering. Principles at work include cloud-centric infrastructure, mobile workforce, zero trust and a heavy focus on high availability, standardization, automation, scalability and security.
What You'll Do
- Lead and manage multiple functions in the Security & Trust Organization reporting to the Chief Security & Trust Officer: Security & Privacy Assurance, Security Engineering & Architecture, and our Information Technology Services group.
- Develop a target profile for ASAPP's program maturity, aligned with the strategic objectives and timelines of the business.
- Heavily influence, inform, and contribute to security strategy and priority through risk-informed security control roadmaps, and practical business-aligned security reference architectures.
- Design, build, and implement (or partner to implement) an agile, resilient, and innovative process and technology control capability aligned to the risk appetite and top-notch industry practices.
- Partner closely with stakeholders in Engineering, SRE, ML Engineering, and Product to drive security control development and management deep into the product from infrastructure to features in alignment with current thresholds and drive an agenda to continuously close gaps to threshold targets.
- Establish strong accountability for product security by building on a culture of data transparency, distributed responsibility, and developer education with a risk-centric and business-aligned mindset.
- Develop, measure, and manage key metrics to continuously inform executive leadership of product security status.
- Maintain a strong understanding of ASAPP's technical environment, stack, enterprise, customers and outside integrations to inform design, architecture, strategy and approach for all engineering activities.
- Maintain a deep understanding of the ASAPP products and ASAPP's approach to AI automation to develop thought leadership and discover new areas of value with regard to AI in the enterprise.
- Develop and maintain a control framework that meets the requirements associated with client contract terms and the standard of due care in their industries, including but not limited to NIST CSF, NIST AI RMF, AICPA SOC 2, PCI DSS, HIPAA, ISO27001, GDPR, GLBA, and FFIEC.
- Work at all levels of the company to implement assurance processes in support of the Policies and Standards, innovating and automating where possible to achieve meaningful assurance outcomes in the most advantageous way possible.
- Conduct and coordinate internal and external risk and maturity assessments and audits (such as SOC 2 and PCI DSS), and report on progress, providing data and input for leadership, executive and board level presentations.
- Advise leadership and personnel with regard to the inherent and residual compliance and security risks associated with strategic initiatives, partnerships, products, and projects.
- Develop an efficient and effective third-party/vendor security risk management program, whereby an acceptable level of risk is maintained. Utilize technology and automation to add the greatest possible efficiency while achieving the appropriate level of assurance.
- Procure, coordinate and maintain third-party forensics retainers, and work with Legal to procure and maintain cyber insurance and relevant legal retainers with cyber counsel.
What You'll Need
- Prior experience in multi-disciplinary security leadership roles
- Strong verbal and written communications with the ability to communicate security mission, vision, and purpose clearly and in varying forms and attitudes to all business stakeholders regardless of organization or position
- A foundational technical background with a total of 10+ years of practical experience
- Previous experience with enterprise IT management, including laptops/desktops, servers, mobile devices, networks, and cloud services
- Experience managing multiple teams, contractors, and vendors
- Prior experience in a hyper growth technology company working closely with product, developers, and DevOps/SRE engineers
- The ability to cultivate partnerships through a service delivery model mindset
- Knowledge and experience with industry security models and frameworks from control models, maturity models, to threat models, etc.
- Both scale and process-centric thinking with past experience in high-growth organizations
- Exceptional ability to synthesize and visualize data for critical risk-based decision making
- Prior depth of experience with security incidents
- Experience with DevOps environments and AWS security controls
- Deep understanding of IP networking and hardware - switches, routers, firewalls, wifi infrastructure
- Strong HA/DR/BCP/scalability design and implementation skills
- Competitive compensation with stock options
- Comprehensive medical, vision, and dental insurance
- 401k matching
- Fitness and wellness stipend
- Mobile phone reimbursement
- Mental well-being benefits
- Professional learning and development stipend
- Parental leave, including adoptive and foster parents
- 3 weeks paid time off (increases with tenure) and unlimited sick leave
ASAPP is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status. If you have a disability and need assistance with our employment application process, please email us at firstname.lastname@example.org to obtain assistance.