Finalsite is the preferred website, communications, and marketing platform of more than 8,000 schools worldwide. The company’s people, products and services transform how schools connect and engage with their community, recruit students and staff, and fundraise; while managing the complex requirements around data privacy, accessibility, hosting and security. Finalsite products and services include award-winning website designs, a robust content management system, a powerful enrollment management system, innovative inbound marketing tools, data integration, training, support and marketing consulting. With a 96% retention rate year-over-year, Finalsite is the choice of over 700 NAIS member schools and 1000+ school districts in the U.S., and international schools and universities in over 115 countries around the world. The company is headquartered in Glastonbury, CT with offices in Austin, TX and Columbus, OH, U.S.A., as well as in the U.K. For more information, please visit www.finalsite.com.

MISSION

Finalsite’s mission is to help schools prepare students to be successful and make the world a better place.

VISION

Finalsite will transform the way school communities engage with their schools.

SUMMARY OF THE ROLE

Finalsite is seeking a Director of Information Security to develop, lead and manage information security initiatives. This critical leadership role will set the vision and direction for information security at Finalsite, and manage a talented technical team with a forward-thinking and proactive approach to information security. Partnering closely with IT, DevOps, Legal and other company executives, you will continue development of a system security infrastructure that is built on high-quality standards, adheres to guidelines and controls that are regularly tested and reported, and meets compliance standards..

LOCATION

100% Remote - Anywhere within the US.

RESPONSIBILITIES

• Responsible for design, implementation, and management of Finalsite’s information security efforts across both product and IT
• Provides leadership to develop and execute an enterprise information security strategy and roadmap. Aligns with company business strategy, gains executive approval and support, and oversees the successful execution
• Understand current health and drive insights into future focus areas for information security before issues occur and risks are realized
• Responsible for security operations including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
• Develops, trains, and mentors the Information Security team to grow their technical and professional capabilities
• Collaborate with Engineering and IT to identify threats and design technical controls
• Maintain documentation of security controls and respond to requests from customers (internal and external)
• Works closely with and provides technical expertise to compliance, product and engineering teams, and supporting departments in the implementation, certification, and maintenance of compliance standards (NIST, ISO 27001/ISO27701, SOC2, GDPR, CCPA, etc.)

QUALIFICATIONS AND SKILLS

• Bachelor's degree in Computer Science, Engineering, or related technical field
• Experience with cloud computing technologies, especially AWS (Amazon Web Services), Azure, or GCP (Google Cloud Platform)
• Experience working in a software product company with fast-moving software development teams
• Ability to work cross-team and communicate effectively with people from a variety of different backgrounds and different levels of security awareness
• At least 5 years of hands-on experience in information security
• At least 5 years in a leadership role within information security, with a demonstrated ability to break down large problems and get things done
• Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Application Security, Cloud Security, Identity & Access Management, etc
• Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, SIEM, logging, penetration testing software, etc.)
• Experience working with and managing 3rd party cyber security providers for pentest, compliance certification such as ISO-27001, managed service providers such MDR, cybersecurity remediation, etc.
• Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, SOC2, FedRAMP, ISO/IEC 27001/27701, and NIST security principles
• Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security
• Certifications (preferred): CISSP, CISM, Security+
• Exceptional program and project management skills
• Strong written/oral communication skills required along with the desire and ability to communicate with business leaders at all levels of the organization
• Strong analytical and problem-solving skills

Link to All Staff Competencies and Mental and Physical Requirements

RESIDENCY REQUIREMENT

Finalsite offers 100% fully remote employment opportunities, however, these opportunities are limited to permanent residents of the United States and the United Kingdom, unless otherwise restricted in the job description above. Current residency, as well as continued residency, within the United States or United Kingdom, are required to obtain (and retain) employment with Finalsite.

DISCLOSURES

Finalsite is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. EEO is the Law. If you have a disability or special need that requires accommodation, please contact Finalsite's People Operations Team. Finalsite is committed to the full inclusion of all qualified individuals. As part of this commitment, Finalsite will ensure that persons with disabilities or special needs are provided a reasonable accommodation.