CISO

Remote, United States

Marigold

Marigold helps brands acquire customers through multiple channels, engage existing customers with curated offers, and turn customers into superfans.

The Company:


Marigold helps brands foster customer relationships through the science and art of connection. Marigold Relationship Marketing is a suite of world-class martech solutions that help marketers create long-term customer love and loyalty. Marigold provides the most comprehensive set of use cases for marketers at any level. Headquartered in Nashville, Tennessee, Marigold has offices globally across the United States, Europe, Australia, New Zealand, South America and Central America, as well as in Japan.
 

The Role:
 

Reporting to the Chief Information Officer, as the CISO you will be responsible for defining and implementing Marigold’s information security program in order to protect the company’s assets and interests by reducing security risk. You will be responsible for managing security risk and ensuring that Marigold's security posture is aligned with its business objectives.


Responsibilities:

  • Own the Information Security function within Marigold including the planning and development of the company’s information security program and strategy in support of the business’s objectives.

  • Oversee the day-to-day operations of the information security team including the GRC, Application Security, and Security Engineering functions.

  • Lead and mentor a team of information security professionals based across the USA, Europe, and Australia. Provide guidance, support, and training to enhance their skills and capabilities, and create and maintain a strong team ethos and morale.

  • Work closely with executives and senior leadership to prioritize security initiatives and spending based on appropriate risk management and budgets.

  • Ensure that Marigold complies with all relevant laws, regulations, and industry standards as related to information security.

  • Represent the business to clients and other external bodies as needed.

  • Provide advice and support in the event of an adverse security event.

  • Promote a strong culture of information security across all areas of the business.

  • Develop and maintain strong relationships throughout the company, ensuring that positive day-to-day working relationships exist between the security team and all key stakeholders.

  • Monitor key security metrics and indicators, identifying trends and adjusting strategy as appropriate.

  • Communicate and report on information security risks, incidents, and mitigation efforts to senior management, business stakeholders, and regulatory bodies as required.

  • Stay up to date with the latest security threats and best practices, and adapt the company’s security strategy accordingly.

 

Requirements: 

Education & Qualifications

Essential:

  • Educated to Master's level in a relevant subject, or equivalent experience.

  • Significant evidence of continued professional development.
     

Desirable:

  • Formal certification (for example CISSP, CISM or CRISC) and/or formal training in information security standards and best practice (e.g., ISO 27001).

 
Experience & Knowledge

Essential:

  • Experience and proven success of working at a senior level leading and delivering Information Security in a complex environment which is undergoing significant change.

  • Proven experience of leading teams and providing direction and guidance.

  • A broad technical background in security operations, security engineering, architecture, cyber risk management, threat intelligence, and/or incident response.

  • In-depth knowledge of information security frameworks, standards and regulations (for example ISO 27001, SOC2, HIPAA and NIST).

  • Strong understanding of risk management methodologies and the ability to assess and prioritize risks effectively.

  • Experience working in an environment with multiple technologies and business units having differing security requirements and certifications.

  • Experience with contract and vendor negotiations and management including managed services.

  • Experience of managing and prioritizing large budgets.
     

Desirable:

  • Experience of working in a global organization with a team based across multiple time zones.
     

Skills & Abilities

Essential:

  • Strategic leader who can drive a vision for enterprise and product security while maintaining an execution-oriented approach for driving results.

  • Strong executive presence with the ability to persuade technical and non-technical leaders and able to influence at all levels in the organization.

  • Excellent communication and interpersonal skills, able to build and motivate a high-performing information security team.

  • Strong problem-solving and analytical skills to identify and mitigate security risks.

  • Ability to present a professional image when representing the business to clients and other external bodies as needed.

  • Demonstrated capability to act upon incomplete information, using experience to make inferences and decisions.


Personal Qualities

Essential:

  • Business-focused and able to understand how the work performed by the security team impacts other teams and affects the success of the business.

  • Works well with others, is positive and helpful, listens, involves, respects and learns from the contribution of others.

  • Demonstrates professional and personal credibility and integrity.

  • Prepared to respond out-of-hours (when able) in the event of a major security incident in the business.

  • Able to accommodate the need for flexible working to cope with occasional meetings that may be outside of normal working hours in your time zone.

  • A forward thinker who is continuously looking ahead to anticipate any future threats, changes in common attack methods, and changes in technology, that may present challenges or opportunities for the security of Marigold.

  • Demonstrated ability and willingness to serve as a “hands-on” leader and take a “roll up your sleeves” and “lead by example” approach.
     

What We Offer:

  • The table-stakes benefits you’d expect, including medical/dental/vision, life and disability insurance.

  • Generous time off (we call it Open Time Away) as well as paid holidays and a birthday benefit day off.

  • 401k plan with a company match on your contributions.

  • Employee-centric and supportive remote work environment with flexibility.

  • Support for life events including paid parental leave.


Tags: Application security CISM CISO CISSP CRISC HIPAA Incident response ISO 27001 NIST Product security Risk management Security strategy SOC 2 Strategy Threat intelligence

Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care Medical leave Parental leave Team events

Regions: Remote/Anywhere North America
Country: United States
