???? **Privacy Notice**
**Chief Information Security Officer (US Remote)**
Salt Lake City, UT / Executives / Full-time
**At Instructure, our vision is to help people learn, develop, and engage from their first day at school to their last day of work. Our goal is simple: create more effective ways for everyone everywhere to access education, make discoveries, share knowledge, be inspired, and do big things. We accomplish all this by giving smart, creative, passionate people opportunities to create awesome. So heres your opportunity**
Instructure is seeking a hands-on Chief Information Security Officer (CISO) to establish and maintain the enterprise vision, strategy, and program to ensure all information assets and technologies are protected. The CISO is a key role bringing value to the organization by promoting a culture of awareness and accountability through a comprehensive proactive security program. This position will develop strong relationships across the business including Product Development, Engineering, Cloud Operations, IT, Finance, HR, and others. With the full support of executive management this leader will drive change across all disciplines to improve the security of our products, processes, procedures, and systems to ensure compliance with PCI, SOC2, ISO, GDPR, StateRAMP, SOX, etc.
You will be responsible for developing, implementing, and operating a comprehensive enterprise security program that includes enterprise IT, compliance, and a portfolio of large scale web applications developed and acquired using various modern technology stacks. You will be responsible for managing the security organization, consisting of application security, security engineering, and compliance. In addition, you will manage the architecture and implementation for monitoring, troubleshooting, alerting, reporting, and response to threats or incidents. You will be instrumental in guiding our strategy and approach as we continue to enhance our secure development lifecycle, secure operations, and compliance assurance functions.
As a security expert, you will be working with other leaders to shape and influence policies and practices to ensure we deliver on our commitments to security, data privacy, governance, risk management and compliance. This CISO also plays a critical role in an incident response situation and will engage with customers where security is a concern. **What we are looking for:**
+ A leader that can multitask, prioritize, and manage time efficiently
+ A leader with excellent leadership, team building, and management skills
+ A leader with the skill to provide direction to company-wide strategies for information security practices, awareness, architecture, and incident response.
+ A leader that oversees the operations of the security team, including providing direction for information security practices, governance, and policies.
+ A builder who can not only articulate a broad set of software security challenges and considerations but can help guide teams as they code up the solutions in whatever tech stack, language or architecture fits the problem.
+ A bold and skilled leader who can guide a team to find vulnerabilities and risks within our architecture, code, our tools and our processes and bring the most important priorities to resolution.
+ A mentor and advisor to streamline and steer compliance operations to meet multiple regulatory and industry requirements.
+ Someone that can closely collaborate with Legal and Privacy teams and is aware of the regulatory landscape.
+ An advisor with maturity and presence to handle vulnerability response & remediation as well as respond to RFPs and ensure that we deliver our security commitments.
+ A collaborator who proactively engages with product, operations, legal, QA, and UI/UX to translate user and business security needs into superior experiences.
+ A leader who can engage with customers about security concerns and questions regarding Instructure products.
+ A leader that can evaluate security breaches, coordinate responses, and coordinate effective remediation strategies.
+ An advisor that stays active in maintaining current knowledge of industry and regulatory requirements for SaaS technologies.
+ A passion for people and for software
+ Experience with FedRAMP a plus
+ M&A experience a plus
+ BS or greater in Computer Science preferred
+ 8+ years as an engineer and significant breadth and depth in software security practices, cloud security operations, threat assessment, and training.
+ Significant experience building a web application at scale
+ Competitive salary, equity and 401k
+ Medical, dental, disability, and life insurance
+ HSA program, vision, voluntary life, and AD&D
+ Lots of paid time off, 10 paid holidays, and flexible work schedules
+ Fitness club memberships
+ Top of the line computer equipment
ISO standards application-security scale Incident response Quality Assurance (QA) Computer Science web-applications pci risk management Security Information technology (IT) Training FedRAMP Team Buildings SOC2 Engineering Leadership GDPR UI/UX Designer sox Management