Are you passionate about security in the cloud? Do you enjoy
piecing together the puzzle of risk, compliance, and audit? Do you have
advisory and consulting experience, helping small to large
businesses grow or mature their security program? Are you looking
for a place to put your skills and passion for compliance and risk
management to use on the latest cloud-based technologies? Do you
enjoy not having the same day twice? If so, Clarabridge is the
place for you. We are seeking a Director, Information Security to
join an extraordinarily successful, high performing team within a
fast-paced growth company.

Our security mission: Clarabridge strives for customer
confidence and trust by delivering software that provides security
and privacy for data protection throughout the customer lifecycle
backed by globally recognized standards, compliance, and regulatory

The Director, Information Security is part of the leadership for
the global security, compliance, and risk program. We are looking
for a passionate security and compliance practitioner with an
appetite for building and managing a strong audit program
(borrowing from years of consulting and advisory work), a proven
history of developing and advising on security strategy, security
program development, and building strong cross-organizational
alliances for the growth or maturation of a security program to aid
the business’s strategy. Also, the Director is a strong leader, has
experience creating security policy, developing and guiding risk
management processes, and creating audit methodologies that align
with our company’s audit standards (i.e., ISO 27001:2013, HITRUST,
PCI), while identifying areas for evolving the program and audit
processes based on added industry security and privacy-related,
regulatory, and customer standards. If this is you, put your
suitcase away and apply!

The Director, Information Security reports to the Vice
President, Information Security and has the following

Augmenting the Vice President, Information Security with
contractual reviews, customer RFPs, security questionnaires, and
other security and privacy related strategies to support the
business goals and growth and to support and streamline the sales
process for security-related documentation.

Developing a strategy for company third-party, internal, and
customer-related audit activities, including designing processes to
streamline these activities with repeatability and scalability.

Providing guidance on security architectural requirements and
growing the company’s minimum security requirements based on
emerging security, privacy, and regulatory changes – and other

Offering management oversight on vulnerability management,
penetration testing, intrusion detection/prevention (IDS/IPS),
cloud service security and audit, SaaS SDLC, incident response, and
physical threat analysis activities to ensure these processes align
to compliance and audit standards.

Overseeing the evaluation, selection, and installation of
security products and performing risk assessments detailing
appropriate compensating and/or mitigating controls.

Ensuring the improvement, documentation and presentation of
security education, awareness, and training for global

Ensuring regular assessments of the security program are
conducted and that corrective actions are taken for all identified
findings, gaps, or risks and ensuring they are tracked through

Conducting and advising on expansion of comprehensive risk
analysis requirements to meet ever-changing global security and

Serving as primary liaison for third-party and customer auditors
and backfilling the Vice President with prospective and current
customers’ security-related discussions and other responsibilities

This position requires or prefers the following competencies for

Master’s degree with 8 years or a bachelor’s degree with at
least 12 years of advisory or consulting experience. Prefer degree
in information assurance, computer science, information security,

Professional certifications (CISSP, Security+ or other
security-related) are required.

Experience with at least one audit standard (e.g., ISO, PCI,
NIST, HITRUST, SOC) is required, and experience in SaaS

Passion for compliance, risk, and developing strong business
relationships is paramount.

Experience reviewing contracts, authoring security clauses, and
representing an organization as a security subject matter expert is
a strongly desired skill.

Familiarity with OWASP and architectures including systems,
networks, and a variety of security concepts, practices, and
procedures is required.

Experience building coalitions with internal stakeholders,
third parties, subcontractors, and customers, making security feel
ubiquitous and a value-add to the company’s product offerings is

Executive communications and negotiation skills, with the
ability to speak to a variety of audiences about complex security
matters and gain consensus for required technology and security

Able to set priorities for a variety of tasks, with the
flexibility to adjust priorities as required.

Will you require sponsorship to work in the US now or in the