CISO, VP Info & Product Security

Boston, MA, United States

Nexthink

Discover what your employees need, see what they experience, know how they feel. Deliver IT that delights.


Company Description

Nexthink is the global leader in digital employee experience management. Our products allow enterprises to create highly productive digital workplaces for their employees by delivering optimal end-user experiences. Through a unique combination of real-time analytics, automation and employee feedback, Nexthink gives IT teams the insight they need to empower and even delight people at work.

Headquartered in Switzerland with US headquarters in Boston, Nexthink also has offices in France, UK, Germany, Spain and UAE. Our growing team of Nexthinkers is proud to be making the digital work lives of over sixteen million employees across 1,000 customers more productive.

Hybrid role: Boston-based office, with teams in Madrid, Lausanne and Bangalore. Candidates need to be open to travel.

Job Description

Nexthink is looking for a VP of Information and Product Security who is an expert in working with development teams to build secure SaaS products and is passionate about securing an enterprise’s information and data. The candidate will lead and grow a global team of about ten security and compliance experts and own all aspects of the security function for Nexthink.

We are looking for an individual who has strong cloud security technical fundamentals and has been involved in securing software development and deployment processes. Excellent communication skills and comfort in working with executive leadership and with customers are essential for the role.

Experience working with US Federal and DoD agencies and contractors with certifications like FedRAMP is a plus. Experience working with European companies around GDPR and related data privacy issues is very helpful.

The role will report to the CTO and work closely with Architecture, Development, SRE, Legal, Support, Product Management, and Sales leadership in leading the security function for Nexthink.

Key Responsibilities

The VP of Information and Product Security’s responsibilities include but are not limited to:

  • Drive Nexthink's security vision, continually update strategy to meet this vision and maintain a multi-year security roadmap.
  • Consistently communicate and advocate for security best practices while reporting performance effectiveness to executive stakeholders.
  • Lead the implementation of next-gen security solutions and ensure compliance with changing laws and regulations.
  • Oversee the development of information security policies, standards, and procedures that are aligned with industry best practices.
  • Evaluate and adapt security measures to mitigate emerging threats and vulnerabilities, with a focus on protecting software integrity and data security for customers.
  • Lead and mentor a high-performing team, handling performance management, workload balancing, and succession planning.
  • Provide hands-on technical leadership in the design, implementation, and enforcement of security measures.
  • Conduct regular audits and assessments to identify areas for improvement
  • Collaborate closely with Product, IT, Legal, and other departments to align security initiatives with company objectives
  • Act as a main point of contact for security matters with external vendors and partners
  • Facilitate interdepartmental training and development programs focused on security best practices
  • Ensure compliance with Federal, FedRAMP, and DoD regulations
  • Build and maintain relationships with government agencies and other stakeholders in the security compliance landscape
  • Develop and enforce cloud security policies, including incident response protocols
  • Manage operational and capital budgets for the cyber security department.
  • Lead security briefings for executive stakeholders
  • Draft comprehensive yet accessible reports for both technical and non-technical audiences
  • Adapt quickly to a fast-paced security landscape, staying abreast of new technologies and approaches.

 

Qualifications

  • Advanced degree in technology-related fields like Computer Science or Engineering is preferred.
  • Minimum of 10 years in progressive leadership roles within information security, with a focus on corporate and product security in a SaaS environment
  • Strong technical background, with experience in designing, implementing, and managing security solutions
  • Decisive and well-informed decision-making, coupled with creative problem-solving abilities.
  • Excellent people management skills, including performance monitoring, motivation, and fostering a positive work environment.
  • Proven ability to understand and comply with security regulations, and work with key stakeholders to ensure compliance.
  • Exhibited ability to secure cloud-based systems and applications, and respond to security incidents in the cloud.
  • Ability to communicate security-related concepts to diverse audiences (technical, legal and executive), orally and in writing, in an easily understood and actionable manner.
  • Expert knowledge in compliance frameworks: ISO 27001, NIST, CSF, FedRAMP and privacy-related laws.
  • Formal certifications such as CompTIA Security+, CISSP, CISM, CISA, and/or CEH are preferred.
  • Excellent interpersonal and communication skills
  • Knowledge of Agile software engineering best practices

Key personality traits

Honesty and Integrity:  As an integral member of the company’s senior leadership team, the candidate must exemplify the highest standards of honesty, integrity and discretion.

Self-Confident and Results Orientated:  An intelligent, decisive, self-confident and results-orientated individual who possesses a combination of mental flexibility, creativity, analytical ability and sound judgment.

Innovation/Growth Oriented: Encouraging people to innovate, create and be open to change. Empowering people and having a bias for action and an urgency to move forward.

Fosters teamwork: Creating a work culture that values collaboration.


Additional Information

At Nexthink, we believe actions are stronger than words regarding diversity, inclusivity, and equity in the workplace. Nexthinkers are multinational and multilingual and come from all walks of life. We are committed to hiring a genuinely representative workforce that can create solutions and foster innovation for the modern digital employee experience. Join us today!

Total Rewards @ Nexthink

At Nexthink, we offer one of the most comprehensive and generous benefits plans. Your total rewards compensation package includes base salary and may also include a commission or performance bonus plan, as well as equity. We provide our US employees with 100% covered company benefits that consist of health, dental, vision, life insurance, long-term disability, and accidental death/personal loss coverage.

Base salary ranges are determined by country, role, level, experience, and skills. The range displayed on each job posting reflects Nexthink’s good faith determination of the minimum and maximum targets for new hire salaries across all US locations. Individual pay is determined by related factors, including job skills, experience, and relevant education or training, which may impact a final offer. Your Talent Acquisition Partner can share more about the specific salary range during the hiring process.

Tags: Agile Analytics Audits Automation CEH CISA CISM CISO CISSP Cloud Compliance CompTIA Computer Science DoD FedRAMP GDPR Incident response ISO 27001 Monitoring NIST Privacy Product security SaaS Strategy Vulnerabilities

Perks/benefits: Career development Equity / stock options Health care Insurance Salary bonus Startup environment

Region: North America
Country: United States