Chief Information Security Officer

Totara's talent development software empowers people to do their best work. The Totara Talent Experience Platform gives organisations worldwide the power to build unique employee experiences that better develop their people in the way that's just right for them. Our platform brings together our flagship learning management system (LMS) for formal learning, a user-centric learning experience platform (LXP) for learning in the flow of work and a continuous performance management system to keep teams developing their skills in an ever-evolving world of work. We are seeking a Chief Information Security Officer to lead our global information, cyber, and technology security.

Key areas of ownership include:

• Organisations data privacy and protection program
• Organisations security assurance program
• Product security assurance program for Totara TXP and Totara Cloud

Responsibilities:

• Security assurance program: Develop, implement, and maintain a strategic, comprehensive enterprise security assurance program for the entire organisation including its operations and products.
• Risk Assessment and Management: Work directly with the business units to facilitate risk assessment and risk management processes. Work with stakeholders throughout the business on identifying acceptable levels of residual risk.
• Data private and protection: Serve as the company's Data Protection Officer, ensuring compliance with data privacy laws and regulations. Establish a data privacy and protection program across the organisation.
• Leadership: Provide leadership to the enterprise's Information Security staff. Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimise or eliminate risk and audit findings.
• Disaster Recovery Planning: Develop comprehensive disaster recovery plans for the organisation. Support and guide business units in establishing and maintaining their own disaster recovery plans.
• Incident Response: Respond to security events and incidents, ensuring quick and effective resolution. Lead the development and implementation of incident response protocols and procedures.
• External Resource Coordination: Coordinate the use of external resources involved in the security and data privacy programs, including auditors, consultants, and legal experts.
• Reporting: Establish metrics and report to the senior management team and board on the organisation's security posture and risk level.
• Communication: Serve as a focal point for IT security communications, effectively communicating security and risk-related concepts to both technical and non-technical audiences.

Key Skills, Knowledge and Qualifications

• Bachelor's degree in Information Systems, Computer Science, or related field. A Master's degree is preferred.
• Professional security management certification, such as a Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
• Minimum of 5 of experience in information technology and security roles.
• Knowledge of common Information Security management frameworks, such as ISO/IEC 27001, NIST, and FedRAMP.
• Excellent knowledge of technology environments, particularly in cloud engineering, enterprise web applications, and open source solutions.
• Extensive knowledge of data protection laws and regulations (e.g., GDPR, CCPA).
• Familiarity with the international data protection landscape.
• Experience in handling compliance audits and liaising with regulatory bodies.
• Knowledge and experience in a range of security tooling, particularly the Microsoft suite of tools.
• Strong analytical skills to assess processing operations and identify areas of non-compliance.
• Experience in handling data breaches and incident response.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Excellent verbal, written, and interpersonal communication skills, including the ability to communicate security and risk-related concepts to technical and non-technical audiences.

Totara is proud to have a diverse, international team with a wide variety of backgrounds, nationalities and experiences. Our company culture is defined by the passion and innovative thinking of our people including respect for and sensitivity towards gender and cultural nuances and context. We encourage candidates of all backgrounds and skill sets to consider opportunities at Totara.

If you like the sound of this role but are not sure if you are the right person, please consider applying. We would love to hear from you!