Director, Security Assurance & Customer Trust
Join us on our mission to make a better world of work.
Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high-performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day.
Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company.
For more information visit cultureamp.com.
How you can help make a better world of work
Culture Amp is looking for a Director, Security Assurance & Customer Trust to lead the continuous improvement of the Culture Amp security framework and ISMS, security improvement program, security awareness program, customer trust program, and supplier security risk management capability. The ideal person will also lead the customer trust team by ensuring the timely and accurate responses to customer enquiries relating to Culture Amp’s security and privacy practices.
As part of this team of amazing humans,
You will:
Be able to prove to our business leaders and customers that we have taken a thoughtful and diligent approach to protect the valuable data in our possession, and that those data protection efforts cover the third parties that have access to your organization’s (and our customers’) data. As such you will be responsible for the ongoing governance of security including embedding an overarching Security Framework that provides oversight of our policies, standards, and supporting procedures. This includes the maintenance of the Information Security Management Systems (ISMS) and identifying our security maturity and continuous improvement activities.
As a key leader in the implementation of a strong security culture, you will track and monitor the implementation and management of security solutions, as it relates to the ISMS and security governance, as well as review the information security strategy & roadmap to ensure it aligns with our Security Framework and maturity targets. You will manage Culture Amp’s security supplier review process, allowing us to make assurances regarding our third parties. Owning both parts of a similar process (customer due diligence and Culture Amp due diligence), you will find synergies and automation opportunities to help us do what we do faster and better, to create customer and camper delight, and to help us manage our security risks.
As the customer trust director, from a security point of view you will focus on increasing transparency, shifting from reactive to proactive communication, integrating trust management into go-to-market processes, and developing mechanisms to improve both security postures and trust management. As such, you will oversee the timely response to our sales teams and customers regarding product and data security, and continuous improvement of customer trust practices. Alongside your team, you will be happy to get your hands dirty, using our library of information to respond to our customers and taking the initiative to work with other departments within Culture Amp to find answers to any unknown questions. Monthly metric reporting for the Executive team will help you to communicate the growth in customer support, the timely completion of questionnaires, and engagement in high touch customer engagements.
For the Culture Amp security education and awareness program, you will be required to provide a wide-reaching education campaign including regular phishing simulations, the maintenance of both induction and annual training modules in our LMS tool, how-to Confluence articles, and an annual security awareness month program. You and your team will help Campers understand their role in safeguarding information, technology, and services. Monthly metrics will be compiled by you and presented to the Executive team to demonstrate the progress of the program.
Your role in the Camp
- Lead Security Assurance and build a strong security culture
- Oversee the cyber education and awareness strategy and corresponding activities.
- Be a trusted security advisor to our customer facing teams
- Build customer relationships and trust in every interaction with sales, customer success, and directly with our customers
- Direct the security customer trust processes and manage continuous improvement of the responsiveness to prospect and customer due diligence processes regarding security, data protection, and supporting privacy as well
- Own and manage CA’s 3rd party / supplier security reviews and due diligence to secure our supply chain. This includes ensuring alignment to sub-processors, mapping the link between our providers and our customers, and aligning security expectations to ensure we remain within customer and contractual obligations.
- Advise on security clauses and our ability to deliver when customers ask for variances in customer contracts. Create and manage a list of acceptable security terms and areas of non-negotiation for security purposes with legal.
- Keep a sound and up to date understanding of security and privacy controls, and their current state at Culture Amp.
- Work closely with the Risk team, Legal, and business partners to identify supplier security risks and opportunities to mitigate or transfer security risks.
What you’ll bring to Culture Amp
- Effective communicator and highly transparent and collaborative
- A well balanced style that aligns with Culture Amp values and is able to present a professional and trusted partner to sales/prospects/customers
- Experience in security assurance from frameworks to policies and practical security management, including SOC2, ISO27001, GDPR, and preparedness to extend this to emerging technologies, such as standards for AI.
- Ability to work with risk and audit teams to define controls within a framework and identify key vs non key security controls and how they support the management of security risks
- Solid security literacy and previous experience in security roles relating to supplier risk management, security assurance, or responding to customer reviews of security capabilities
- Strong deductive reasoning and problem solving skills
- Good understanding of security and how to create collateral of value to customers, presented and written in an easily consumable fashion
- Laser focused on continuous improvement and how we can do things better and what might be of value to our customers over time
- External networks and ability to check in with peers outside of CA for support on best ways to tackle security challenges as they present themselves
- Preparedness to play a bit and experiment to see what works based on our culture and the different ways our campers learn and take on responsibility in their domains.
You are
- Easy to get along with, an influential individual, who is immediately credible and able to easily build relationships
- A lateral thinker with a keen eye for detail and you naturally analyze assumptions
- Comfortable in ambiguity
- Great at communicating with both technical and non-technical people
- Thorough & meticulous
- Able to work well independently and with others as part of a larger team, and to collaborate on cross-functional teams
- Willing to learn and grow
- Someone who develops a deep understanding of the broader business context and uses it to prioritise areas of focus
- Articulate and able to easily create collateral that supports the Security framework, policies & standards, and customer asks.
We believe that our employees are the heartbeat of our success. We're committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. In addition to providing a competitive compensation package, some of the key benefits we offer are:
- Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success
- Programs, coaching, and budgets to help you thrive personally and professionally
- Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people
- Monthly Camper Life Allowance: An automatic allowance paid out each month with your pay - you can spend it however you like to help improve your experience and life outside work
- Team budgets dedicated to team building activities and connection
- Intentional quarterly wellbeing pauses: A quarterly company-wide shutdown day in each region to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time
- Extended year-end breaks: An extended refresh period at the end of year
- Excellent parental leave and in work support program available from day 1 of joining Culture Amp
- 5 Social Impact Days a year to make a positive impact on the community outside of work
- MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
- Medical insurance coverage for you and your family (Available for US & UK only)
Additionally, we don't just focus on our internal community; we believe in creating a better world of work for all. We're committed to diversity, equity, and inclusion, with Employee Resource Groups and ally communities in place.
We have a strong commitment to Anti-Racism, and endeavor to lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti-Racism here.
Please keep reading...
Research shows that candidates from underrepresented backgrounds often don't apply for roles if they don't meet all the criteria – unlike majority candidates meeting significantly fewer requirements.
We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience!
Thank you for taking the time to read this advert. If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding Germany). Please watch this video, in which our amazing DEI Leader, Aubrey Blanche, shares more on why we collect the data and how we will use it.
If you require reasonable accommodations or adjustments to complete the online application or to participate in the interview process, please contact accommodations@cultureamp.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.