Responsibilities

• Develop and execute a full-lifecycle information security strategy that aligns with Outrider's short, medium, and long-term objectives
• Take responsibility for the design, development, and performance of information security operations for all IT infrastructure and enterprise applications across all Outrider locations, including where remote employees work and where Outrider autonomous systems are deployed
• Identify unaddressed security needs and deploy technologies and solutions that keep Outrider on par with autonomous vehicle industry benchmarks
• Partner across the organization to ensure that information security techniques and technologies are designed into the product and into company operations from the early stages
• Prepare and present accurate and timely information verbally and in writing to respond to audits and inquiries; institute a proactive culture to align activities and measurement with internal policy and regulatory requirements
• Oversee the management of information security tools, contracts, documentation, standards, and processes to create an operating environment that is sound, sustainable, and compliant with company policies and requirements
• Provide security expertise and direction for enterprise applications used to support the finance, sales, operations, and quality teams
• Assess and identify security controls needs for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO 27001, SOC 2).
• Develop and drive security risk analysis, mitigation, and remediation plans; design and lead security-incident response and recovery efforts
• Evolve Outrider's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents
• Own all documentation, process, and training surrounding Outrider's disaster recovery abilities
• Ensure the appropriate development and delivery of end-user security awareness training, effective reporting, and performance metrics; deliver reporting on security metrics to ensure senior leadership have a good view of security and risks
• Stay abreast of new automotive, machine learning, and autonomous vehicle market trends and best practices
• Generate thought leadership, insights, and recommendations for improving security and streamlining processes

Required qualifications

• 7+ years of enterprise information security or relevant technology experience
• 2+ years experience leading a team of infoSec/cybersecurity professionals
• In-depth understanding and management of information security and related technologies, such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria
• Thorough understanding of the software development lifecycle and application security policies, design and documentation
• Ability to communicate, interpret, and play back requirements to a non-technical security team (i.e. non-functional requirements)
• Solid understanding of risk management principles, incident management, and security operations
• Familiarity with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies
• Experience securing and navigating cloud platforms, such as Amazon Web Services, Azure, or Google Cloud
• Knowledge of common operating systems (e.g. Windows, Linux, Mac), endpoint security principles, and networking services/protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies
• Desire to remain technically hands-on, but also use a breadth of hands-on and leadership experience in security, engineering, or IT management to operate on a strategic level
• Excellent communication skills, especially the ability to write clearly and succinctly about security and risk-related concepts to technical and non-technical audiences
• Ability to understand the business context and technology challenges of information security, as well as handle uncertainty and apply appropriate security solutions in response to multiple risks and needs
• Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO 270xx)

Compensation & benefits

• Salary range of $130,000 - $150,000. For benefits, check this out!