Head of security

About Watershed

Watershed is the enterprise sustainability platform. Companies like Airbnb, Carlyle Group, FedEx, Visa, and Dr. Martens use Watershed to manage climate and ESG data, produce audit-ready metrics for voluntary and regulatory reporting including CSRD, and drive real decarbonization. We are looking for team members who love product-building, want to work hard at a mission-oriented startup, and will collaborate with us in shaping the culture of a growing team.

We have offices in San Francisco, New York, London and Sydney, and remote team members across the US and Europe. We hope that you'll be interested in joining us!

The role

The Head of Security and Governance, Risk, and Compliance will be responsible for developing, implementing, and maintaining a comprehensive information security program for Watershed.  In this role, you will:

Product Security:

• Develop and implement a comprehensive information security strategy aligned with the company's business objectives and risk appetite and the plan to deploy it.
• Manage the Security Engineering team which will work closely with the Cloud Infrastructure team to oversee the design, implementation, and maintenance of security controls, including access management, incident response, data protection, and threat intelligence.
• Manage the company's security risk assessment and management processes.
• Lead the investigation and response to security incidents.
• Provide guidance and support to Go To Market business units on Security matters.

Governance, Risk, and Compliance (GRC):

• Oversee the development and maintenance of policies, procedures, and standards related to information security, privacy, and compliance.
• Conduct regular risk assessments and audits to identify and mitigate potential threats.
• Ensure compliance with internal and external audit requirements.
• Provide guidance and support to business units on GRC matters.

You might be a good fit if you have:

• BS in computer science, information security, or a related field or equivalent experience
• Minimum 5 years of experience in information security and GRC roles
• 3+ years in a leadership position
• Strong understanding of cloud security, data privacy, and compliance frameworks
• Experience working closely with Sales team and talking to customers and prospects

This position is required to be in our San Francisco HQ office.

At Watershed, we strive to design consistent, fair, and competitive compensation programs. The total cash compensation range may be inclusive of several levels at Watershed and final offer will be determined by a number of factors, including the candidate’s skills, capabilities, and location, as well as scope of the role.

The anticipated cash compensation range is in addition to a total rewards benefit package including equity, health/dental/vision insurance, 401(k), unlimited paid time off, paid parental leave, fertility, and mental health programs etc. 

Salary Range$268,000—$300,000 USD

 

FAQ

Where does Watershed work?

We have hub offices in San Francisco, New York and London, and some remote team members in the US and EU. Most of our jobs need to be in San Francisco / New York / London, but certain jobs are open to being remote and will be specifically noted on the jobs page and in the job description.

What’s the interview process like?

It starts the same for every candidate: getting to know the team members through 1 to 2 conversations about Watershed, your experience, and your interests. Next steps can vary by role, but usual next steps are a skill or experience screen (e.g. a coding interview for an engineer, a portfolio review for a designer, deeper experience call for other roles) which leads to a virtual or in person interview panel after that if the screens go well. We prioritize transparency and lack of surprise throughout the process.

Please note Watershed will only conduct interviews via official company channels (Google Workspace, Zoom). We do not use platforms such as Signal, WhatsApp, etc. to conduct official interviews nor to complete any part of our onboarding process. If you are reached out to on these platforms from anyone claiming to be from Watershed please let us know.