Head of Security and Compliance

About The Role

Dialpad is looking for a strategic and experienced Director to head our Security and Compliance aka Trust team. The individual will lead efforts in the areas of corporate security, product security, infrastructure security, standards compliance, and risk management. An ideal candidate is someone who has strong knowledge and experience in leading implementations of security technologies, policies, and procedures within a corporate security environment, and can work with engineers to secure web applications, cloud infrastructure and on-prem infrastructure. As a leader in the organization you will be working across various operational and business teams such as Legal, Sales, IT, Support and Engineering in implementing and maintaining a comprehensive security and compliance program to protect our organization's data, systems, and assets while ensuring adherence to relevant regulations and industry standards.  The role will report to the SVP of Engineering.

Key Responsibilities

• Lead the security and compliance team including GRC Analysts and Security Engineers, to foster a culture of security awareness and partnership across the company.
• Lead the Trust Steering Committee composed of C-level executives and core Trust staff.
• Present at least annually to the Audit Committee or Board with respect to cyber security/data privacy plans, progress, responses.
• Integrate security and compliance measures in the product development and deployment processes.
• Build and maintain effective security controls across the organization which meet industry standards such as SOC2, ISO 27001, ISO 27017, 27018, PCI HIPAA, GDPR, etc.
• Plan and coordinate with executive staff across disciplines to achieve compliance with additional standards and to make adjustments as required by existing standards.
• Act as point person for cyber security/data privacy audits, initiatives, responses for customer contracts and incidents.
• Represent Dialpad at customer conferences or other keynote venues.
• Report regularly to executive staff and board leadership on control maturity, gaps and risks.
• Lead incident response efforts across the company for incidents associated with confidentiality, security, and data privacy..
• Lead cyber security/data privacy SOX initiatives.
• Ensure the company is best-in-class with modern security practices, attack vectors, industry trends, defensive tools and regulatory changes.
• Lead cyber security/data privacy for FEDRAMP and regulatory initiatives.
• Act as cyber security/data privacy point person for sessions with the company’s underwriters

Key Skills

• At least 8 years of leadership experience in security and compliance
• At least 5 years of experience in direct people management of individuals working within security, engineering, and IT.
• Bachelors or Masters in Information Security, Information Systems, Computer Engineering or related field.
• Relevant certifications such as CISSP, CISM, CISA, etc.
• Familiarity with quantifiable risk assessment methodologies and maturity models
• Experience implementing and monitoring security and privacy controls within an agile software company. Building automation frameworks for implementation and monitoring of controls across multiple systems.
• Experience with AICPA Trust Service Principles for SOC2, Cloud Security Alliances Common Controls Matrix, and ISO 27001, 27017, and 27018. objectives
• Excellent organizational and communication skills to prioritize tasks based on risk levels and communicate with different parts of the organization on the business impact of risks.
• Working with remote teams across global time zones.
• Unwavering integrity.

 Nice to have

• Experience with Google Cloud Platform for technical controls implementation and monitoring,
• Experience with PCI or FedRAMP Compliance.
• Experience within an IT Audit or Advisory role.

Dialpad benefits and perks

Benefits, time-off, and wellness

An apple a day keeps the doctor away—and it doesn’t hurt that we offer flexible time off and great options for medical, dental, and vision plans for all employees. Along with that, employees also receive a monthly stipend to help cover your cell phone bill, home internet bill, and we reimburse for gym membership costs, a variety of wellness events, and more!

Professional Development

Dialpad offers reimbursement for expenses related to professional development, up to an annual limit per calendar year.