CISO or Sr. Director Information Security
Department: Product Management
At Elastic, we have a simple goal: to solve the world's data problems with products that delight and inspire. As the company behind the popular open source projects — Elasticsearch, Kibana, Logstash, and Beats — we help people around the world do great things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. The Elastic family unites employees across 32 countries into one coherent team, while the broader community spans across over 100 countries.
We’re looking for a CISO or Sr. Director of Information Security for Elastic. This is a high visibility leadership role with a mandate to develop and manage information security policy, technology, and governance for our global operations. This position is responsible for setting information security strategy, policy, standards, and risk management processes for both internal Corporate IT and our Elastic Cloud SaaS offering.
- Provide strategic leadership across the business to develop Elastic’s information security program, managing the development, implementation, and maintenance of security policies, standards, and guidelines. The role will span corporate IT, security operations, privacy, and risk management.
- Identify Cloud-related security and compliance requirements, including developing short and long term roadmaps for regulations such as PCI/DSS, SOC2, HIPAA, FIPS, etc.
- Effectively work with stakeholders in IT, Finance, Legal, Engineering, and Product, and demonstrate being able to engage at sufficient technical depth with our products
- Engage with Elastic’s Sales organization and customers to share our approach to information security, listening and addressing concerns as appropriate
- Effectively communicate the importance of information security internally through proactive security awareness and training (in a way that engages employees and helps them understand the need to change)
- Certify that security programs are in compliance with relevant international laws, regulations, and policies to minimize risk and audit findings
Required Skills and Experience:
- Minimum 3 years of experience as a chief information security officer or as a information security leader
- 6+ years of experience in a medium to large technology company
- 10 years of relevant work experience across product and IT organizations, including security incident response, disaster recovery, identity and access management, information privacy, security operations and security architecture.
- Experience with security and compliance issue related to cloud or SaaS services
- Experience implementing programs that help companies comply with regulations such as ISO, SOX, SOC, HIPAA, PCI, FISMA, FIPS, and comparable US and international standards.
- Strong oral presentation and writing skills
- Competitive pay and benefits
- Stock options
- Catered lunches, snacks, and beverages in most offices
- An environment in which you can balance great work with a great life
- Passionate people building great products
- Distributed-first company with employees in over 30 countries, spread across 18 time zones, and speaking over 30 languages! Some even fly south for the winter :)
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.