Sr. Director, Security Architecture
We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.
JOB SUMMARY:
Alteryx, Inc. is looking for a Sr. Director of Application Security to drive and advance the overall product security strategy. This role will ensure product security best practices are being followed from product inception through delivery. As one of the most senior members of the Alteryx security leadership team, this individual will have global responsibility for the management of all aspects of securing our products and applications through a secure development lifecycle, from threat models to security architecture, to design reviews, to secure CI/CD, to pen testing. You'll be part of a dynamic team that is focused on execution and delivery. This role is hands-on as well as scales to that of running a broad set of responsibilities with senior executive visibility and reporting.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Leading Alteryx's product and application security function, including planning and development of the company's application security strategy in support of the strategic business plan.
Driving best-in-class product and application security standards and frameworks.
Focus on SDLC, client data encryption and protection, cloud security, key management and code signing, and product and application incident and vulnerability management.
Identifying security technologies and trends ensuring Alteryx's products and operating environments keep pace with technological changes and innovation.
Defining and executing product and application security communication, training, and awareness programs.
Hiring and developing the product and application security team to grow to the next level of maturity and scalability.
Produce operational metrics to highlight trends and detail organizational effectiveness.
Collaborating with IT and engineering teams to design and implement security controls that enable business initiatives and reduce risk in our products and applications.
Be able to build strong partnerships with stakeholders across Alteryx's diverse engineering functions, leverage strong interpersonal skills to ensure the product and application security team is business enabler and doesn't stifle engineering innovation.
Define strategic secure development lifecycle roadmap and associated time frames and barriers to entry for methodically improving Alteryx's secure development practices and enabling market differentiation.
Perform other duties and projects as assigned.
ESSENTIAL KNOWLEDGE, SKILLS, AND ABILITIES:
Advanced working knowledge of cyber and information security standards, frameworks, technologies, control strategies, and compliance practices related to ISO 27001/2, NIST, OWASP, SANS Top 20, PCI-DSS, SOX-404, SSAE-18, and SOC2.
Strong verbal and written communication skills, excellent judgment, and interpersonal skills.
Experience in managing diverse security functions in a global capacity
Experience in delivering large, multi-faceted security programs at a global enterprise scale
Detailed knowledge of security domains and common security controls
Expertise in common system, software, and web application vulnerabilities (e.g., OWASP Top 10)
Able to deliver quality results in a high-energy/high-pressure environment
Experience in penetration testing / red team / vulnerability assessment
Ability to multi-task and manage demands of many projects, issues, and tasks
EDUCATION, EXPERIENCE AND/OR LICENSES:
Bachelor’s Degree in related discipline (Information Systems, Computer Science, or related field) with a minimum of ten (10)+ years’ progressive experience in cybersecurity, information security, or application security
Minimum five (6)+ years of management experience leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Five (5)+ years of software development experience
Thorough understanding of application security methodologies required.
Demonstrated knowledge of business principles including general management, human relations, conflict resolution, finance and budget, project management and business strategic planning
Demonstrated possession of sound judgment, highly developed negotiation and facilitation skills and excellent communication skills.
Leadership experience with multiple, cross-functional teams or projects, and influencing key stakeholders
Possible certification requirements include Certified Information Systems Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC)
COMPENSATION:
Alteryx is committed to fair and equitable compensation practices. The salary range for this role in Broomfield, CO is $158,500 - $277,400. This position is also remote-friendly and, as such, compensation will ultimately be in line with the location in which the position is filled. Final compensation for this role will be determined by various factors such as a candidate’s relevant work experience, skills, certifications, and geographic location. This role is eligible for variable compensation including bonus and stock grants.
#LI-CP1
Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we’re invested in building teams with a wide variety of backgrounds, identities, and experiences.
Benefits & Perks:
Alteryx has amazing benefits for all Associates which can be viewed here.