Director of Security
About us:
LogRhythm, a Thoma Bravo company, is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades.
Who we are looking for:
The Director of Security has operational oversight of our security operations, security architecture and engineering, product security, physical security, awareness, privacy, governance, risk, and compliance functions in addition to being our liaison for legal and other business units within LogRhythm. You will lead the development and maintenance of our information security architecture, infrastructure, and processes that align to our company and product needs. You will be responsible for developing and ensuring adherence to information security governance, risk management, and compliance with security best practices and our corporate and product certification requirements (SOC2, ISO27001, GDPR, Privacy Shield, HIPAA, PCI, FedRAMP, CMMC, DISA APL, FIPS and Common Criteria, etc.). You will have operational responsibility in ensuring our company, our customers, our products, and our data are protected. This is a unique opportunity to lead security in a security company. This position will report directly into the LogRhythm Chief Security Officer.
Here’s an overview of the responsibilities & challenges ahead:
- Accountable to operationally lead the US-based security team
- Partner with the Chief Security Officer and Deputy CISO for EMEA, META, and APJ to lead security strategy (including subsequent financial budgeting)
- Work with leaders across the other LogRhythm business units to ensure and continuously improve the security and privacy of our company
- Significant focus and oversight of our governance, risk, and compliance program to ensure we reduce risk and meet compliance and legal objectives; to include the review of legal contracts, security questionnaires, vendor management, and adherence to product certification and compliance requirements
- Ensure effectiveness and improve security monitoring, detection, and response functions
- Actively participate in security architecture with our IT/IS organization, Product Management, and Engineering
- Partner with our other Deputy CISO for EMEA, META, and APJ to ensure the security program is in sync and operationally effective globally
- Create and champion a corporate security culture; an office of “yes and” to ensure we can execute the operations of the business at the lowest level of security risk
- Monitor changes in legislation and accreditation to ensure LogRhythm’s continued compliance
- Responsible for reporting key risk-based performance metrics that demonstrate effectiveness of our program and a return on investment for our executives and the board
- Manage and develop security practitioners within the security organization
- Build collaborative relationships with key business partners
Required Skills:
- Previous experience leading security teams and programs with at least 3-5 years in a security management function
- Strong background in governance, risk, privacy, and compliance; especially within a software or technology service provider
- Knowledge of federal and state information security policies, standards, principles, practices, and frameworks (e.g. FedRAMP, CMMC, NIST)
- Knowledge of security best practices and frameworks such as ISO27001 and NIST
- Knowledge of security architecture and engineering
- Fundamental knowledge in cloud, SaaS, and software
- Fundamental knowledge of security operations and incident response
- Experienced in cross-organizational collaboration and delivering key metrics and reporting to all levels, from practitioner to senior leaders and executives
Other Qualifications:
- At least 5-10 years in information security with 3+ years in a management function
- CISSP and/or other relevant security certifications are a plus
Workplace equality & inclusion are not just words or topics for LogRhythm; they are part of our core values and beliefs, and integral to our company culture. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. LogRhythm was built on the principles of innovation, dedication, creativity, and commitment. It is through these key areas that we were able to grow as an equal and inclusive workplace, one where our employees feel respected and safe.