Head of Global Security, Risk and Compliance

We are seeking an experienced Head of Security Engineering to join our growing SaaS company. Reporting to the CTO, you will be responsible for defining, executing and overseeing a holistic security strategy to safeguard our organization’s digital assets, protect customer data, and maintain trust in our brand. You will lead a team of security professionals and drive collaboration with engineering, product, and cross-functional stakeholders to integrate security across all aspects of our operations, aligning with business objectives and industry standards.

What your day could consist of:

• Define and lead product security initiatives in close connection to the needs of partners, customers, the market and overall company objectives.
• Lead a team of security professionals, including hiring, training, and performance management.
• Lead incident response efforts operating as the incident commander, coordinating with relevant stakeholders to resolve security incidents while communicating effectively throughout.
• Lead the IT team.
• Manage Third Party (e.g., vendor) Risk Assessment Program with IT.
• Manage stakeholder (customer, partner) security questionnaires and  assessment processes.  Interface with customer management as necessary.
• Manage threat and vulnerability management.
• Ensure an effective SSDLC is in place for engineering.
• Implement security controls and processes to protect the company's data and systems from external threats.
• Own the SOC2 audit, and lead work to implement ISO27001 certification.
• Conduct risk assessments and implement appropriate controls to mitigate identified risks.
• Stay up to date with the latest security technologies and best practices.
• Develop and maintain security policies, standards, and procedures.
• Develop and lead comprehensive security training programs across the organization to ensure all employees understand and adhere to security best practices, fostering a culture of proactive risk awareness and protection.
• Guide security engineering on InfoSec/AppSec standards, auditing, and penetration testing.
• Manage analysis of fraud vulnerabilities, control weaknesses, and gaps to mitigate and remediate significant issues, trends, and loss events.

What is needed:

• Bachelor's degree in computer science, information technology, or a related field.
• 10+ years of experience in information security, with at least 5 years in a senior leadership role.
• Expert in security technologies and best practices.
• Experience with security risk assessment and management.
• Experience with incident response and forensics.
• Experience with security in the cloud (e.g., AWS) is required.
• CISSP, CISM, CISA  or other relevant security certification is a plus.
• Excellent communication and leadership skills.
• Experience building Internal Audit functions for SOC 2, ISO 27001, and PCI-DSS.
• Excellent understanding of vulnerability management and associated tools and solutions.
• Machine Learning Models understanding is a plus.
• Seeking candidates in Chicago or Indianapolis.
• Prior penetration testing experience is a plus.

About ActiveCampaign:ActiveCampaign helps small teams power big businesses with the must-have platform for intelligent marketing automation. Customers from over 170 countries depend on ActiveCampaign’s mix of pre-built automations and integrations (including Facebook, Google, WordPress, Salesforce, Shopify, and Square) to power personalized marketing, transactional emails, and one-to-one CRM interactions throughout the customer lifecycle. 
As a global multicultural company, we are proud of our inclusive culture which embraces diverse voices, backgrounds, and perspectives. We don’t just celebrate our differences, we believe our diversity is what empowers our innovation and success. You can find out more about our DEI initiatives here. 
ActiveCampaign holds the highest customer satisfaction rating among Marketing Automation, E-Commerce Personalization, Landing Page Builders, and CRM solutions on G2.com and is one of only a handful of software solutions with over 10,000 positive reviews. ActiveCampaign has also been named the Top Rated Email Marketing Software on TrustRadius. Learn more and start your free trial at ActiveCampaign.com.
Perks and benefits:ActiveCampaign is an employee-first culture. We take care of our employees at work and outside of work. You can see more of the details here, but some of our most popular benefits include:
-Comprehensive health and wellness benefits that includes a High Deductible Health Plan (HDHP) fully covered by ActiveCampaign, complimentary access to telehealth and tele-mental health resources, and a complimentary membership to Calm-Open paid time off-Generous 401(k) matching program with immediate vesting-Quarterly Path Perks with options for commuter and lunch benefits (for those reporting to a Hub), or a remote home office stipend-Access to professional development resources through LinkedIn Learning-After five years of service, you’ll be eligible for a four-week paid sabbatical leave and a sabbatical leave bonus
ActiveCampaign is an equal opportunity employer. We recruit, hire, pay, grow and promote no matter of gender, race, color, sexual orientation, religion, age, protected veteran status, physical and mental abilities, or any other identities protected by law.
Our Employee Resource Groups (ERGs) strive to foster a diverse inclusive environment by supporting each other, building a strong sense of belonging, and creating opportunities for mentorship and professional growth for their members.