As Vena’s Director of Security & Information Technology you will provide vision and leadership in regards to Security and IT at Vena. You will be absolutely proactive in examining our security needs, establishing process and controls to minimize security threats from the outside as well as inside. This includes the development of key Security and IT strategies and activities across Vena’s software product, cloud service infrastructure and internal corporate network. You will be responsible for IT strategic and tactical planning, including identifying, selecting and deploying the appropriate technology resources, security and compliance measures to support Vena’s goals and objectives.
What you will do
Manage IT security, risk and compliance projects across the company including overseeing security policies, managing relationships with auditors and ensuring appropriate prioritization of initiatives. You will oversee:
- The implementation of making Vena ISO 27000 compliant
- The development, implementation, administration and enforcing of security policy and systems to enable system reliability, data confidentiality and integrity
- The development and execution of emergency procedures, including resolution and analysis of all security incidents
- Vena’s internal controls to ensure that appropriate information access levels are in place and reviewed regularly
- The execution of all independent security assessments (eg. pen tests, vulnerability scans), audits (eg. SOC 1, SOC 2), certifications (eg. ISO 27002)
- Current and potential client information requests (eg. Security questionnaires, RFP responses, etc.) as a subject matter expert
- Security awareness within Vena, including the development and delivery of a training program on information security and privacy matters for employees and other authorized users
- Our infrastructure requirements to ensure absolute security of customer data and user experience with the Product Department
- Ensure that our telephone communications and office IT work flawlessly
Does this sound like you?
- B.S. or Masters in Computer Science, Engineering or a related combination of education and relevant experience
- 7-10 years of work experience in an IT Security management capacity
- CISSP, CISA, CISM certification preferred
- Knowledge of OWASP, SANS, NIST, ISO 27001, or ISF
- Detailed technical knowledge in several of the following areas: security engineering, network security (vulnerabilities and remediation techniques), web/SaaS/cloud/mobile security and vulnerability assessment, authentication and security protocols, applied cryptography, intrusion detection & prevention, anti-virus and malware management, security event management
- Proven system/network and/or application security experience, including threat modeling, threat assessments, risk identification techniques and penetration testing
At Vena, our mission is to help smart companies better manage their data, spreadsheets, and files. Our cloud infrastructure leverages the flexibility and ease of use of widely-used spreadsheets while adding beautiful web-based workflows and a powerful cloud storage to make mission-critical business processes simple. Viewed by many as one of the most innovative Canadian start-ups, we’re part of a growing industry looking to revolutionize the enterprise so that people can stop fighting software and get back to doing their best work.
Candidates must be legally entitled to work in Canada. Local candidates only. No agencies please.
Should you require accommodation throughout any stage of the recruitment and selection process, please describe your requirements to firstname.lastname@example.org when making an application and we will be sure any accommodation needs are met.