Head of Global Security, Risk and Compliance
Company: ActiveCampaign
Location: Chicago
Posted on: March 29, 2025
Job Description:
We are seeking an experienced Head of Security Engineering to
join our growing SaaS company. Reporting to the CTO, you will be
responsible for defining, executing and overseeing a holistic
security strategy to safeguard our organization's digital assets,
protect customer data, and maintain trust in our brand. You will
lead a team of security professionals and drive collaboration with
engineering, product, and cross-functional stakeholders to
integrate security across all aspects of our operations, aligning
with business objectives and industry standards.
What your day could consist of:
- Define and lead product security initiatives in close
connection to the needs of partners, customers, the market and
overall company objectives.
- Lead a team of security professionals, including hiring,
training, and performance management.
- Lead incident response efforts operating as the incident
commander, coordinating with relevant stakeholders to resolve
security incidents while communicating effectively throughout.
- Lead the IT team.
- Manage Third Party (e.g., vendor) Risk Assessment Program with
IT.
- Manage stakeholder (customer, partner) security questionnaires
and assessment processes. Interface with customer management as
necessary.
- Manage threat and vulnerability management.
- Ensure an effective SSDLC is in place for engineering.
- Implement security controls and processes to protect the
company's data and systems from external threats.
- Own the SOC 2 audit, and lead work to implement ISO 27001
certification.
- Conduct risk assessments and implement appropriate controls to
mitigate identified risks.
- Stay up to date with the latest security technologies and best
practices.
- Develop and maintain security policies, standards, and
procedures.
- Develop and lead comprehensive security training programs
across the organization to ensure all employees understand and
adhere to security best practices, fostering a culture of proactive
risk awareness and protection.
- Guide security engineering on InfoSec/AppSec standards,
auditing, and penetration testing.
- Manage analysis of fraud vulnerabilities, control weaknesses,
and gaps to mitigate and remediate significant issues, trends, and
loss events.
What is needed:
- Bachelor's degree in computer science, information technology,
or a related field.
- 10+ years of experience in information security, with at least
5 years in a senior leadership role.
- Expert in security technologies and best practices.
- Experience with security risk assessment and management.
- Experience with incident response and forensics.
- Experience with security in the cloud (e.g., AWS) is
required.
- CISSP, CISM, CISA or other relevant security certification is a
plus.
- Excellent communication and leadership skills.
- Experience building Internal Audit functions for SOC 2, ISO
27001, and PCI-DSS.
- Excellent understanding of vulnerability management and
associated tools and solutions.
- An understanding of machine learning models is a plus.
- Prior penetration testing experience is a plus.