FiscalNote

Washington, DC

Senior Director, Information Security

About the Position

FiscalNote is seeking a Senior Director, Information Security, who will be an integral part of a security team supporting our customers and will report to the Chief Information Officer. The role is a senior information security executive accountable for developing and overseeing policies and programs intended to mitigate and/or reduce compliance, operational, strategic, financial, and reputational security risk, and for strategies to protect the integrity, availability, and confidentiality of data, systems, and technology.

About The Team

Our team is driven to connect the people of the world to their governments. You will get the opportunity to work at a late-stage startup pushing the boundaries of open data transparency while collaborating with some of the industry’s brightest engineers, data scientists, designers, and product professionals to devise, nurture, and implement solutions to address continuously evolving and increasing client expectations and demands.

About You 

As FiscalNote’s Senior Director, Information Security, you'll be accountable for the security and protection of all information entrusted to FiscalNote by its customers, partners, and employees. Ultimately, you'll be responsible for creating operational systems and an organizational culture where information security is ingrained into the fabric of FiscalNote’s standard business and technology operations.

What to Expect in this Role:

  • Conduct a thorough assessment of FiscalNote’s security needs, priorities and opportunities in order to visualize, create, and execute on an information security program 
  • Design and develop an information security roadmap to align and scale with company growth
  • Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
  • Plan for and manage incident response plans while minimizing effect on the business
  • Develop and extend security tooling and automation efforts across the organization
  • Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
  • Work alongside the Legal Department on compliance activities including external audits, regulatory compliance projects, and overall information security reviews as they relate to technology, data, and information security
  • Educate the organization about these threats and implement threat protection measures at a global level
  • Serve as a cross-functional leader and provide direction to key, accountable stakeholders in a matrix environment with dotted-line reports embedded within the business
  • Serve as the information security expert in front of the Executive team
  • Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
  • Manage relationships with external information security technology vendors and specialized information security professional services firms
  • Attract, develop, and retain a highly talented team as the information security program grows

What Sets You Apart:

  • 12+ years of relevant experience in the information security space, preferably with both large and small, high-growth companies; SaaS and PaaS industry experience a strong plus
  • Strong business acumen and a collaborative, influential partner able to educate, build relationships, and foster adoption of sound security practices (commitment + compliance)
  • Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS), and their applicability to securing a SaaS enterprise security environment
  • Experience in the evaluation and implementation of industry-standard, enterprise-wide information security technologies and concepts, including but not limited to: SIEM, Application Security, Cloud Security (AWS), Data Loss Prevention, Security Event Management, Threat and Vulnerability Management, and Identity and Access Management
  • Clear understanding of relevant information security governance, technical and security standards and regulations
  • Familiarity with industry security standards and compliance frameworks including OWASP, FedRAMP, AICPA SOC, NIST 800-53, ISO 27001 and ISO 27018 as well as current data privacy regulations, including GDPR and regional standards
  • Deep knowledge of networking and network security
  • Strong understanding and experience with Secure SDLC and DevSecOps or security automation
  • Ability to work under pressure across multiple stakeholders
  • Excellent written and communication skills and ability to communicate across all levels of an organization