Director, Security and Compliance

Full Time
8 months ago

About Nintex: 

At Nintex, we are transforming the way people work, everywhere.  

Nintex is the global standard for process intelligence and automation. Today more than 10,000 public and private sector organizations across 90 countries turn to the Nintex Process Platform to accelerate progress on their digital transformation journeys by quickly and easily managing, automating and optimizing business processes. We improve their lives through the technology we build.

We are committed to fostering a workplace that supports amazing people in doing their very best work every day. Collaboration is constant, our workplace is fun, the environment is fast-paced and we value our people’s curiosity, ideas and enthusiasm. We deliver on our commitments, we don't wait to implement ideas or fix issues, and we treat each other with respect and consideration. 

About the role: 

The Director, Security and Compliance will be responsible for the strategic leadership of the security and compliance program at Nintex. The security leader will establish, maintain, enhance, and grow comprehensive security strategies, policies, and procedures to ensure that the integrity, confidentiality and availability of intellectual property and assets are protected. The Director will be responsible for proactively identifying, assessing, and reporting on security risks in a manner that meets regulatory requirements and supports the risk posture of Nintex.

Your contribution will be:  

Information Security: 

  • Establish near and long-term internal security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create a roadmap for continual security and compliance growth. 
  • Lead the design, implementation, and protection of security controls, processes, and technologies to protect the organization's intellectual property and assets. 
  • Actively engage in a threat management and intelligence program in collaboration with an outsourced Security Operations Center (SOC). 
  • Provide regular and consistent reporting on the current status of the information security program to senior business leaders. 
  • Manage security incidents and breaches, including incident response, investigation, and remediation efforts. 
  • Maintain, shape, and grow up-to-date information security policies, standards and guidelines.  
  • Learn, investigate, and examine new security technologies that can strengthen and provide depth to Nintex’s security posture. 

Risk Management and Compliance: 

  • Establish and maintain the BC/DR program throughout Nintex. 
  • Enhance and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings. 
  • Work closely with internal stakeholders and external auditors and consultants on ISO and SOC audits. 
  • Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information technology systems. 
  • Lead, enhance, and evolve the Crisis Response Team, including annual Disaster Recovery testing and tabletop exercises. 

Security Education: 

  • Enhance and deliver security awareness and training programs to educate employees on best practices and promote a security-conscious culture. 
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

Product Security: 

  • In collaboration with Product and Engineering leaders, develop processes and implement tooling to integrate security into Product, which includes threat modeling, cloud security posture, and other security protections.
  • Establish a red and blue team exercise with product to focus on emerging and trending cyberattacks. 

Leadership:  

  • Manage, hire, and grow security engineers and compliance analysts.
  • Collaborate with cross-functional teams, including IT, legal, compliance, product, and R&D, to implement security policies and awareness.
  • Partner with Infrastructure and Support team to deliver on security initiatives and create a roadmap and plan for future security initiatives. 
  • Partner with internal key stakeholders to assess our posture, build controls, and mitigate security risks. 
  • Establish and maintain relationships with external vendors, partners, and industry peers to stay informed about security trends and leverage external expertise. 
  • Establish and grow an environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

To be successful, we think you need:  

  • Bachelor's degree in computer science or similar field such as Engineering, Information Security, or Information Systems. 
  • Current and relevant Industry Certifications such as CISSP, CCSP, or CISA. 
  • 10+ years of direct experience in an Information Security role. 
  • 5+ years of experience leading teams in a Security organization. 
  • Deep familiarity with enterprise security technologies, such as: firewalls, EDR, SIEM, MDR, MFA, CASB, vulnerability management, encryption technologies, etc. 
  • In-depth knowledge of information security principles, practices, technologies, standards, risk management methodologies and frameworks. 
  • Exceptional problem-solving and analytical skills with the ability to distill complex and nuanced issues into structured frameworks and processes. 
  • Strong, executive-level oral and written communication skills with the ability to understand technology sufficiently to clearly communicate the complexity in simple terms for key stakeholders, both in one-on-one and public settings.
  • Strong ability to translate strategic-level goals into actionable objectives. 
  • Knowledge of common information security and compliance management frameworks, such as ISO/IEC 27001, SOC2, and NIST. 
  • Proven ability to manage and mentor both technical and non-technical individual contributors and managers. 
  • Experience managing a geographically dispersed team supporting the ongoing protection and monitoring. 
  • Experience with contract and vendor negotiations and management including managed services. 

What’s in it for you? 

Nintex employees have the freedom to work how they work best. We are virtual-first across our global workforce. Our people work in the way that best suits them and their teams - whether at home, in an office, or another place that sparks creativity, focus and collaboration. Our work environment is such that our people can successfully deliver their work while adequately supporting their lifestyle and preferences.  

While our offerings differ from country to country, we offer our entire global workforce an array of exciting perks and benefits, including:

  • Global Gratitude and Recharge Days
  • Mindfulness and counseling resources
  • Invention/patenting assistance
  • Meaningful recognition
  • Community impact opportunities
  • Multiple tools through which to learn and grow, and an incredible global community 

View more here: https://www.nintex.com/wp-content/uploads/2023/01/Global-Perks-and-Benefits.pdf.  

Nintex participates in E-Verify for work authorization.  We are an Equal Employment Opportunity Organization.