Senior Director - Product Security (Deputy CISO)

Your Opportunity :

Are you a seasoned security leader with a passion for technology and a knack for planning? New Relic is seeking a driven Deputy CISO to partner with our CISO and shape the future of cybersecurity for our leading observability platform. In this high-impact role, you'll guide and mentor our security teams, drive strategic initiatives, and collaborate closely with senior leadership across the business. If you're a metrics-driven problem-solver who thrives in a fast-paced environment, this is your chance to make a real difference.

We are seeking a highly motivated and experienced Deputy CISO to join our growing Information Security team. This is a critical role that partners closely with the CISO to provide technical leadership and guidance, ensuring the confidentiality, integrity, and availability of New Relic's systems and data.

As a key member of the security leadership team, you will:

• Lead and mentor: Guide and develop a high-performing team of security professionals, fostering a culture of growth and innovation.
• Drive strategy: Partner with the CISO to execute the overall security strategy, ensuring alignment with business objectives and contributing to budget discussions and resource allocation.
• Influence decisions: Participate in high-level security decision-making, providing recommendations and insights to senior leadership.
• Oversee operations: Manage and oversee key security functions, including attack surface management, offensive security, continuous monitoring, and secure operations technologies.
• Collaborate effectively: Work closely with Legal, Compliance, Engineering, and Product teams to integrate security into all aspects of the business.
• Champion excellence: Promote security best practices and awareness across New Relic, staying abreast of emerging threats and technologies.

Career Growth Opportunities:

This role is designed to be a stepping stone to greater leadership within New Relic or the broader cybersecurity industry. Here are some potential career paths:

• CISO Succession: This role is a natural path to becoming a CISO, either at New Relic or another organization. The role involves assuming CISO responsibilities when needed and reporting to the executive leadership. You'll gain invaluable experience working closely with a CISO and managing a complex security program at a growing and highly dynamic business.
• VP or Sr. Director Level Security Roles: This role can prepare you for other senior security leadership positions, such as VP of Security Operations, Sr. Director of Information Security, or VP of Product Security.
• Industry Thought Leader: The high visibility of this role, combined with your contributions to New Relic's security posture, can position you as a thought leader in the cybersecurity community. You'll have opportunities to speak at conferences, publish articles, and engage with industry peers.
• Strategic Influence: You will drive strategic initiatives and shape the cybersecurity landscape, allowing you to make a significant impact and gain recognition.
• Team Mentorship and Growth: Mentoring team members and enhancing their skills provides leadership experience and growth.
• Exposure to Diverse Cybersecurity Domains: The role covers various cybersecurity aspects, such as governance, risk management, and technology, which broadens your expertise.
• Technological Leadership/Innovation Roles: Working with cutting-edge technologies like AI and GenAI, and involvement in M&A activities and new product launches, can lead to roles focused on technological innovation within cybersecurity.

Career Paths We've Seen:

Individuals in similar Deputy CISO roles have successfully transitioned into:

• CISO positions at both public and private companies.
• Leadership positions in cybersecurity consulting firms.
• Executive Leadership: Success in a high-profile role like Deputy CISO can lead to further advancement within the organization's executive ranks, particularly for those with strong leadership and strategic thinking skills.
• Industry Opportunities: The experience and skills gained make candidates highly competitive for similar or more advanced roles at other organizations, potentially in different industries. VP-level roles leading global security teams.
• Consulting: Individuals with extensive expertise in information security can move into consulting roles, advising, or even board positions other organizations on their security strategies

Key Performance Indicators (KPIs) and Metrics:

The Deputy CISO will be measured on the following KPIs and metrics, with specific goals and milestones:

Security Posture Improvement:
Goal: Improve overall controls maturity year-over-year leveraging CIS scoring.

Milestone: Achieve a tangible reduction in exploitable vulnerabilities within the first six months.

Quota: Define and lower average time-to-remediation for critical vulnerabilities.

Security Program Maturity: 

Goal: Advance the security program maturity level by one stage (e.g., from defined to managed) within the next two years, based on a recognized framework (e.g., NIST Cybersecurity Framework, CIS, etc).

Milestone: Coordinate the completion of a gap analysis and co-develop a roadmap for achieving the target maturity level within the first six months.

Quota: Implement new or drive improvement of existing security controls to address identified gaps within the first year.

Team Performance and Development:

Goal: Improve employee satisfaction and retention within the security team.

Milestone: Implement a formal mentorship program for junior team members within the first quarter.

Quota: Achieve an 85% or higher employee satisfaction rating within the security team. Maintain a low number of regrettable departures. 

Collaboration and Communication:
Goal: Enhance collaboration and communication between the security team and stakeholders.

Milestone: Establish regular cross-functional security interviews or surveys with key stakeholders within the first month.

Quota: Achieve regular positive written feedback and recognition for Information Security  from partner teams on security collaboration.

Strategic Initiatives:

Goal: Successfully execute key strategic security initiatives, such as implementing a zero-trust security architecture or enhancing cloud security posture.

Milestone: Create clear tracking of progress against milestones, deliverables, and timelines for each initiative

Quota: Achieve 90% key milestones for each strategic initiative as planned.

What you’ll do

• Provide technical leadership and guidance to security teams responsible for:
• Security engineering and automation
• Incident response
• Vulnerability management
• Product, application, and infrastructure assurance
• Penetration testing
• Enterprise security
• Security consultation and guidance
• Partner with the CISO to execute the overall security strategy, ensuring alignment with business objectives.
• Develop and maintain detailed roadmaps and documentation for key security initiatives and be a key point of engagement for Engineering and Product organizations. 
• Develop and maintain detailed roadmaps and documentation for key security initiatives.
• Track and report on key security metrics to measure program effectiveness and identify areas for improvement.
• Contribute significantly to security budget discussions and resource allocation.
• Create valuable and impactful security operations recommendations that inform technical decisions while managing change and competing demands.
• Foster a culture of collaboration and knowledge sharing within the security organization.
• Growing, inspiring, and retaining a diverse, high-performing team of security professionals that are forward-looking and adaptive to emerging security technologies and threats.

This role requires

• 10+ years of experience in cybersecurity, with 5+ years in a leadership role.
• Experience working in a SaaS or cloud-based business.
• Strong technical background in security engineering, incident response, vulnerability management, and cloud security, SIEM, EDR, and SOAR.
• Deep understanding of security best practices, frameworks, and industry standards especially as they pertain to SW development and engineering organizations. 
• Excellent communication, collaboration, and interpersonal skills.
• Ability to influence and build consensus across different teams and levels.
• Passion for mentoring and developing security talent.
• Relevant industry certifications (e.g., CISSP, CISM, CCISO) are a plus.
• Proven ability to create and execute detailed security plans and roadmaps.
• Strong analytical and problem-solving skills, with a meticulous attention to detail.
• Experience with developing and tracking security metrics.
• Excellent organizational and documentation skills.
• Self-motivated and able to work independently with minimal supervision.
• Possesses excellent interpersonal, relationship building and influencing skills; has demonstrated success in influencing key decision makers and business partners to build positive working relationships and in gaining support for cybersecurity investment to execute against strategic initiatives.
• Deep understanding of cybersecurity program planning and managing interdependence across a complex technology landscape, including governance, risk management, architecture, technology onboarding, vulnerability management, awareness and training, and cyber third-party risk management. Experience in the development, implementation, and operationalizing on-going cyber capabilities / solutions.
• Strong understanding and knowledge of common information security management frameworks, such as ISO/IEC 27001, and the NIST CSF.
• Experienced in general cybersecurity regulatory and compliance (e.g., SOX, SOC2, HITRUST, FedRamp, DFARS, CMMC, etc.).

Bonus Characteristics for Success:

• Planning and Organization: You thrive in creating order and structure, and you enjoy developing detailed plans and roadmaps to achieve security objectives.
• Metrics-Driven: You have a passion for data and metrics, and you use them to measure progress, identify trends, and drive improvements in security programs.
• Documentation: You understand the importance of clear and concise documentation, and you have a knack for creating and maintaining it.
• Self-Motivation: You are a self-starter who can take initiative and work independently to achieve goals.
• Problem-Solving: You enjoy tackling complex security challenges and finding creative solutions.

Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics’ different backgrounds and abilities, and recognize the different paths they took to reach us – including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We’re looking for people who feel connected to our mission and values, not just candidates who check off all the boxes. 

If you require a reasonable accommodation to complete any part of the application or recruiting process, please reach out to resume@newrelic.com.

We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success, including fully office-based, fully remote, or hybrid.

Our hiring process

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers’ means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics. 

Review our Applicant Privacy Notice at https://newrelic.com/termsandconditions/applicant-privacy-policy