Sunday, April 22, 2012

Security Jobs: Director of Information Security & Compliance, Palo Alto, CA, Relocation: YES

Yes, I have shared this position in my blog before.  Late last week, a couple of candidates were granted phone interviews for this position.  They came up short in the interview process.  Not because they did anything wrong but because my client determined after talking to a couple of candidates that he has to see candidates who have experience in a hosting environment. 

As our conversation progressed, it became very clear to me that a security professional who is managing information security for a traditional IT department does not operate in the same manner as a security professional who is working to secure a hosting, SaaS, PaaS, or IaaS environment.

To acquire this position, a candidate will have to demonstrate experience in a hosting environment and they’ll have to demonstrate the ability to come up with out-of-the-box innovative solutions.

Feedback from the candidates who have been on the phone with my client suggests that he is a very intelligent person who has outstanding soft skills.  Everybody who has been on the phone with this client of mine finds themselves being excited about the idea of having my client as a boss.

Director, Information Security and Compliance

Location: CA, Palo Alto
Relocation: Yes
Compensation: Mid $100s

The recruiter has been engaged to help build an information security / cyber security department in a high-tech company where protecting their systems and intellectual property is taken seriously. This company of 400 employees has recently gone public and is in a solid position for continued growth.


This role reports to a Sr. Director whose career has followed a deeply technical information security path. He understands the work you'll be doing for this company. In recent years, this Sr. Director's work has sat at the intersection of technology and business. If you're passionate about technology and you're ready to work for and with people who are prepared to mentor and coach you to the next level in your career, this could be your next career move.

The Opportunity:

This newly created role exists as a result of growth and as a result of this company having recently gone public. This is an opportunity to build a cyber security program from the ground up. You'll work closely with internal lines of business as well as with external customers. Because of your deep information security foundation supporting your security expertise, you'll likely be called on to support the sales team by attesting to the company's security posture during the sales process.

ISO certification could be in this company’s future but whether it is or not, programs are being built on an ISO framework. You’ll need to bring depth and breadth in Regulatory Compliance experience on top of a technical information security background to qualify for this role. If you have this experience, you’ll be relied on to build a Compliance Program.

• Information Security professional possessing over 12 years of information-security-related experience.
• A bachelor's degree (BS) is desirable.
• Demonstrate a deep understanding of SaaS (Software as a Service), PaaS (Platform as a Service) or IaaS (Infrastructure as a Service), from either working in a hosting environment in the past or working with hosting companies where they were your customers.
• Demonstrate a deep working knowledge of compliance and regulatory frameworks and standards such as SOX, ITIL, SAS 70, ISO 27001/27002:2005 and SSAE 16. A deep level of ISO framework understanding is required.
• Desirable candidates will likely have progressed through Security Engineer and Security Analyst titles to become Risk Management / Compliance specialists.
• Prior experience conducting vulnerability assessments / security assessments is desirable.
• Knowledge of, and/or experience working in, an environment where the company develops software; knowledge of Agile and Scrum methodologies is desirable.
• Ability to provide risk assessments and solution options on technology architecture in a dynamic environment.
• Deep understanding of all things security, such as: security operations; logging and monitoring; incident response; vulnerability management; and configuration management as it applies to security and regulatory compliance requirements.
• Possess outstanding customer-facing skills, including the ability to discuss and evaluate customer security requirements and map them to internal standards.
• Ability to work cross-functionally with various teams within the company and to relate security requirements to those teams.
• Certifications such as the CISSP, CISA, CISM, CRISC or others appreciated.