Head of Information Security
Ibotta is looking for a Head of Information Security to lead Ibotta’s cross-functional and holistic security function. This role will lead a team responsible for Ibotta’s overall infosecurity efforts across infrastructure, application, data, IT/Ops systems, as well as physical security. Additionally, this person will provide leadership, career development and mentoring to team members as well as guidance in critical security architecture, design, and risk assessment decisions.
What you will be doing:
Embrace and uphold Ibotta’s Core Values: Integrity, Boldness, Ownership, Teamwork, Transparency & Advocate for Savers
- Overall responsibility for defining and driving Ibotta’s infosecurity roadmap, strategy, tactics, and prioritized execution
- In partnership with key business and technology leaders, drive development, maintenance, and management of Ibotta’s infosecurity programs and functions
- Creation, publication, enforcement, and maintenance of Ibotta’s infosecurity standards, policies, and procedures across the company
- Overall responsibility for infosecurity programs and processes including monitoring, remediation, reporting, and compliance of infosecurity policy and standards
- Development, deployment, and management of infosecurity programs and best practices across the company, ensuring effective integration in business-as-usual processes
- Implementation and management of Ibotta’s security monitoring & incident response function; Leadership in the continued development, testing, and execution of Ibotta’s Business Continuity and Incident Management function
- Responsibility for building, maintaining, and complying with industry standard infosecurity risk assessment frameworks
- Partnering with our legal, client, product, and technology teams to ensure Ibotta’s infosecurity capabilities exceed requirements for all current and future regulatory requirements such as PCI and CCPA
What we are looking for:
- 10+ years building and managing a comprehensive infosecurity function
- Direct experience and/or familiarity with all aspects of the infosecurity function across infrastructure, applications, data, and physical security
- Extensive professional experience demonstrating successful partnerships across varied business and technology functions
- Proven track record of designing, launching, and successful adoption of company-wide initiatives and programs
- Proven ability to successfully prepare and maintain organizational readiness with infosecurity regulations (e.g. CCPA, GDPR, PCI, etc)
- Experience partnering with audit and compliance functions a plus
- Effective written and verbal communication skills
- Significant experience managing comprehensive infosecurity approaches on Amazon AWS ecosystems a plus
About Us:
Built in Denver, CO, Ibotta ("I bought a...") is a free mobile shopping app that gives users cash back on groceries and more. Through our partnerships with brands and retailers like Procter & Gamble, Kraft Heinz, Kellogg, Amazon, Walmart, Target and Uber, we’ve delivered over $750 million in cumulative cash rewards to our Savers. Guided by our values and our mission to make every purchase rewarding, we come to work energized by the business problems we get to solve, the technology we get to build, and the people we get to innovate (and have fun) with. Ibotta made Inc.’s 2020 list of the 5000 fastest-growing private companies in the U.S. for the third consecutive year. In 2019, we became the first mobile consumer technology company in Colorado to achieve $1B in valuation.
Additional Details:
This position is located in Denver, CO and includes competitive pay, flexible time off, benefits package (including medical, dental, vision), Lifestyle Spending Account, 401k match, profit sharing and equity.
- Ibotta is an Equal Opportunity Employer. Ibotta’s employment decisions are made without regard with race,
color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status,
gender identity, sexual orientation, or any other legally protected status
Applicants must be currently authorized to work in the United States on a full-time basis.
For the security of our employees and the business, all employees are responsible for the secure handling
of data in accordance with our security policies, identifying and reporting phishing attempts, as well as
reporting security incidents to the proper channels.