Director of Information Security and Compliance

Sorry, this job was removed at 5:05 a.m. (MST) on Sunday, October 11, 2020

About SurveyGizmo:

Founded in 2006, SurveyGizmo is an enterprise data collection, orchestration, and analytics platform that helps some of the biggest brands deliver on their missions by enabling them to operationalize feedback, integrating critical data from their Customers (employees, users, patients, vendors, etc.) into their key business systems through an easy-to-use, low-code SaaS platform.


About the Job:

SurveyGizmo is looking for a talented Director of Information Security and Compliance to play a key role in overseeing Information Security and Privacy for the company. This role reports to the Chief Technology Officer and will be critical in ensuring compliance with internal/external policies/statutes, leading Risk Management activities, coordinating external audit cycles, and managing Third-Party Risk, as well as influencing security best practices around the development of our award-winning SaaS platform. This is a highly visible role, and the candidate will be instrumental to the success of SurveyGizmo. 


Responsibilities will include: 

  • Lead InfoSec compliance efforts in SOC 2 Type 2 and ISO 27001, building scope, control selection, scheduling external audit testing and ensuring regular control testing and monitoring. Additionally, lead Privacy-related audits including GDPR and Microsoft DPR
  • Partner with the business to negotiate the inclusion of security requirements into third party contract agreements, and customer agreements
  • Manage SurveyGizmo’s Third Party Risk Management Program, assessing third parties for inherent and residual risk based on the nature of their services and their ability to appropriately secure SurveyGizmo data, customer data, and provide dependent services
  • Lead the development of a company-wide Security Awareness, Training, and Education program to protect company proprietary and customer owned information
  • Oversee the building, implementation and ongoing review of internal Infosec and technology related policies, partnering with stakeholders and approvers to ensure adherence
  • Lead proactive Risk Management programs across the company, identifying and analyzing risks, developing risk management controls and contingency plans
  • Ensure the SurveyGizmo SaaS platform is secure through a variety of techniques including Vulnerability Scanning, Pen Testing, Blue Team/Red Team activities. Additionally, partner with the Cloud Operations team to ensure Enterprise level InfraSec practices
  • Partner with the Development organization to implement a Secure Software Development Lifecycle, pushing security left into the design and development phases

Skills and Qualifications 

  • College degree and 5 years of related work experience, or equivalent substantive work experience
  • 5+ years leading InfoSec in enterprise software companies
  • Experience obtaining SOC 2 Type 2 and ISO certifications, partnering with external vendors to review controls
  • Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
  • Excellent communication skills, including extensive experience interfacing directly with customers
  • Tolerance for ambiguity, with a desire to find the right answer for our customers, the company and the business
  • 3+ years direct management experience, plus proven ability to lead through influence across a highly matrixed organization
  • Experience in assessing hosted service architectures (SaaS, PaaS, IaaS)

Preferred 

  • CISA, CISM, and/or CISSP certification
  • Experience implementing a Secure SDLC 
  • Experience in a growth stage technology company


Our team members enjoy:

  • 401k with 6% company per payroll match and immediate vesting
  • Founder’s Pool profit-sharing program, with an annual profit-sharing bonus and additional units awarded annually
  • HSA and FSA with optional yearly SurveyGizmo contribution
  • Flexible Cafeteria Plan with reimbursement for Wellness, Education, and commuter and dependent care expenses (including pets!)
  • Generous time off policy
  • 14 paid holidays, including the week between Christmas and New Year’s. Plus, you get 4 floating holidays in addition to your PTO!
  • Relaxed, open and highly collaborative environment
  • Nearby bike and walking trails
  • Fully stocked kitchen, including wine and beer

Location

168 Centennial Parkway, Louisville, CO 80027
