Address
Form of workAbout the Role
CaaStle is looking for an innovative leader to head its Information Security function aligned with the rapid adoption of the CaaStle platform by leading clothing brands, and increasing subscriber growth.
Information security and personal data privacy is critical to CaaStle's business. Its responsibility is to:
- Ensure the personal data entrusted to us by our tenants and subscribers is protected per industry standards and best practices.
- Directly support our business growth and the mandatory security requirements of the California Consumer Privacy Act (CCPA) for the US and the General Data Protection Regulation (GDPR) for the UK.
- Evolve to increase effectiveness, efficiency, and address external emerging threats.
In May 2021 we achieved ISO 27001 certification of our Information Security Management System (ISMS).
Our Information Security Management System has been thoughtfully constructed to match the needs of our business. We are looking for a thoughtful professional who will lead a team of security professionals in managing, tuning and scaling CaaStle's Information Security program as we continue to evolve our platform.
What you will do
- Lead the program securing CaaStle's corporate and product security.
- Implement and oversee risk mitigation strategies
- Implement and tune CaaStle's ISMS program leading to the retention of CaaStle's security certifications
- Ensure organizations compliance with local and regional security, privacy and health regulations
- Partner and align with Product and Engineering teams on secure product development.
- Manage a team of security specialists
- Work with the CRO to develop and tune CaaStle's Crisis Management plans.
- Partner with Legal on CaaStle's privacy compliance programs.
- Manage organization wide security awareness and training
- Manage CaaStle's Data Governance program
- Help develop and manage budget for CaaStle's Information Security program
We would love to hear from you if you
- Have a bachelor's degree in any technology related field or equivalent
- Have 15+ years of experience in security related operations
- Have implemented, or participated in the implementation of Information Security Frameworks like ISO27001, NIST, CSF, CIS, MCSS, PCI-DSS etc.
- Have excellent verbal and written communication skills.
- Have experience with vendor management and contract negotiations
- Have experience with security of cloud based infrastructure
- Have worked with geographically dispersed teams
- Are able to thrive in an ambiguous environment
- Are an innovative thinker with the ability to motivate and lead cross functional projects
- Have excellent organizational skills and uncompromised attention to detail
Experience with ISO 27001 / SoC 2 Type 2 preferred
Pay Range:- $225,000-$240,000. Individual pay is determined by several factors, including job-related skills, experience, and relevant education or training.
- Great compensation package with company stock options
- Pretax medical, dental, and vision Care
- Health Care Flexible Spending Accounts
- Prescription Drug Coverage
- Company-provided Life Insurance
- Short-Term and Long-Term Disability coverage with optional "buy up" plan
- 401(k) Savings Plan
- Flexible Vacation and Paid Holidays
- Employee Assistance Program
- Paid Family Leave
- Hybrid (3-2) work in office
Even if you don't meet all of these qualifications above, we'd still love to hear from you. Tell us about your unique qualifications in your cover letter.
Caastle is committed to equality of opportunity in employment. It has been and will continue to be the policy of Caastle to provide full and equal employment opportunities to all employees and candidates for employment without regard to race, color, religion, national or ethnic origin, veteran status, age, sexual orientation, gender identity, or physical or mental disability. This policy applies to all terms, conditions and privileges of employment, such as those pertaining to training, transfer, promotion, compensation and recreational programs.
Responsibilities include appropriate handling of company confidential information(CCI) and personally identifiable information (PII). Complying with CaaStle Information Security policy. Ensuring that direct reports (and contractors) are adequately trained to comply with Information Security policy.
#LI-Hybrid
