VP, Information Security at Alteryx, Inc.
Alteryx is searching for a Vice President of Information Security in our Broomfield, CO or Irvine, CA office(s).
Is this you?
A problem solver, innovator, and dreamer who is searching for anything but business as usual.
Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.
Alteryx develops software for data preparation and analysis, including a number of server solutions for model deployment, collaborative work on data, and scheduling of automatic data processing. We're revolutionizing data analytics by providing a complete end-to-end, self-service platform that allows users to get from business questions to business answers at incredible speeds. Why work for just any analytics company?
We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual.
The Vice President of Information Security will be responsible for oversight of the governance, risk management, and compliance functions within the Information Security Department. The role is accountable for maintaining a strong information security posture and for driving strategy, governance, and initiatives across the enterprise, with an emphasis on framework compliance consistent with information security strategies, applicable laws, and company policies. The position ensures that safeguards are in place to facilitate the appropriate use and disposition of customer data, employee data, and other sensitive business information. The Vice President regularly consults with key stakeholders on various related initiatives, developing strategies to minimize risk exposure and improve safeguards protecting information assets. Excellence is an expectation, and strong communications, leadership, teamwork, and agility are critical success factors.
- Develop, implement, and monitor a strategic, comprehensive information security GRC program to ensure the confidentiality, integrity, and availability of information assets that are owned, controlled, or processed by the organization.
- Serve as a liaison to cross-departmental stakeholders in connection with business activities, establishing solutions that integrate information security GRC requirements with business priorities. Participate in and represent the department in enterprise risk committees to evaluate information security risks with initiatives, providing risk assessment impacts and recommendations to business stakeholders. Understand how strategic business requirements align with privacy and security requirements. Mature capabilities and processes related to program initiatives. Manage the related inquiries and criticisms process.
- Work with the vendor management team to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
- Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the program’s effectiveness.
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services, including information security related, governance, risk management, compliance, and business continuity management.
- Develop and maintain a document framework of continuously up-to-date information security policies, standards, guidelines, and procedures. Oversee the approval and publication of these information security policies and practices.
- Develop and enhance an up-to-date information security management framework based on, but not limited to, the International Organization for Standardization (ISO) 27001/2, COBIT/Risk IT, and National Institute of Standards and Technology (NIST) Cybersecurity Framework, Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standards (PCI DSS), and Personally Identifiable Information (PII) to ensure security-related compliance. Create and manage a unified and flexible control framework to integrate and normalize the wide variety of ever-changing requirements resulting from global laws, standards, and regulations.
- Manage assessments against established framework(s), identifying gaps in controls that require remediation. Document evidence of existing controls in a central repository and maintain updates as required. Monitor and manage remediation efforts to ensure progress against action plans to close gaps identified during assessments that are documented in the risk register. Manage the departmental risk register to organize, record, track and manage program risks in a centralized repository. Work with the program executives and team to ensure all information security related initiatives are integrated to report findings into the register. Mature this process as it evolves to improve effectiveness.
- Create a risk-based process for the assessment and mitigation of any information security risk in Alteryx’s ecosystem consisting of supply chain partners, vendors, consumers, and any other third parties.
- Work with the legal and privacy team to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
- Collaborate and liaise with the data privacy team to ensure that data privacy requirements are included where applicable.
- Define and facilitate the processes for information security risk, legal, and regulatory assessments including the reporting and oversight of treatment efforts to address negative findings.
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
- Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing security related risk.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Manage the enterprise business continuity management (BCM) program. Coordinate the development and implementation of crisis response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas.
- Facilitate and support the development of asset inventories, including information assets in cloud services and in other parts of the organization's ecosystem.
- Ensure security programs are compliant with relevant contracts, laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Collaborate with internal leaders to develop and implement a comprehensive global cyber security strategy and effective enterprise-wide security programs.
- Responsible for recommending final hiring and termination decisions, overall direction, coordination, and evaluation of employees. Responsibilities include interviewing and training employees; planning and directing work; managing performance; addressing complaints and resolving problems.
- Knowledge of, adherence to, monitoring and responsibility for compliance with state and federal regulations and laws as they pertain to this position.
- Understanding of the relevance of information security incidents and events to protect customer data, corporate assets, intellectual property, and regulated data.
- Knowledge of ethical testing and social engineering vulnerability analysis and process design to harden the enterprise.
- Understanding of the review process of third-party vendor platforms for compliance with security controls.
- Strong project management, financial/budget management, scheduling, and resource management skills.
- Ability to build successful relationships and communicate effectively with senior leadership, internal and external customers, and suppliers.
- Strong creative ability, analytical skills, and independent judgment.
- Bachelor’s Degree in Information Technology, Mathematics, Business, Engineering, or related field preferred and a minimum of ten (10)+ years’ progressive technical and information security leadership experience.
- Experience working in a software development company preferred.
- Minimum eight (8)+ years of management experience leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals required.
- Experience with information system technology including testing, auditing, risk analysis, and contingency planning required.
- Comprehensive understanding of Security Methodologies required.
- Recommended certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Records Manager (CRM), Certified Information Privacy Professional (CIPP).
- 100% company-paid medical, dental, and vision for associates
- Health plans that cover your family and pets
- Company matched 401(k)
- Associate stock purchase plan
- Paid time off: 3 weeks’ vacation, 5 sick days, 9 holidays, 3 floating holidays, and 20 hours volunteer time
- 100% paid parental leave
- Tuition reimbursement
- Wellness programs with up to $300 fitness reimbursement annually
- Collaborative offices stocked with healthy snacks and drinks
- Office events, catered lunches, and happy hours