Senior Director, Information Security

Salsify helps brand manufacturers, distributors, and retailers in over 80 countries collaborate to win on the digital shelf. The company’s Commerce Experience Management (CommerceXM) platform serves as the system of record for products, accelerates time to market for products, facilitates cross-team and cross-organization collaboration at scale, and provides the insights needed to continuously optimize product pages across channels. The result is shopper-centric, frictionless, and memorable commerce experiences. Great commerce experiences that are delivered efficiently improve brand trust, amplify product differentiation and assortments, increase conversion rate, improve profit margins, and speed time to market.

In May 2021, Salsify acquired Alkemics, and its Supplier Experience Management platform which is used by large scale retailers in Europe to discover, list, and launch products from more than 20,000 brands.

Learn how the world’s largest brands, including Mars, L'Oreal, Coca-Cola, Bosch, and GSK, as well as retailers and distributors such as E.Leclerc, Carrefour, Metro, and Intermarché use Salsify everyday to stand out on the digital shelf.

An Inclusive Place To WorkSalsify does not discriminate based on race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at [email protected] to request accommodations.

For more information, please visit: http://www.salsify.com. 

We are looking for a hardworking Senior Director, Information Security to lead our security team, evolve our security and compliance programs, and partner across the business in all things related to security. This role will lead a team of specialists responsible for governance, risk, compliance, and cybersecurity aspects of our security program. Additionally, this person will have an important hands-on customer facing role in counseling the business and commercial negotiations on security and compliance matters related to the marketing and sales of our solutions and services. The ability to influence and partner closely with other groups on multi-functional initiatives is a top requirement, including oversight of security audits and domestic and international compliance/privacy laws and regulations (SOC, ISO, GDPR, Safe Harbor, Privacy Shield, SOX).

This individual will report directly to our VP, Technology and Business Platforms and will be a key leader on the team as the Company enters into its next stage of hyper growth.

How You'll Make an Impact:

• Influence, guide, and lead compliance programs in accordance with industry standards and requirements such as SOC 2, ISO 27001, and GDPR among others.
• Develop, implement and maintain Salsify policies, procedures, measures and mechanisms to protect the confidentiality, integrity and availability of customer data and to prevent, detect, contain, and correct information security incidents by aligning information security standards and compliance with legal and regulatory requirements.
• Ensure disaster recovery and business continuity plans are in place and tested.
• Develop, maintain, and evolve Salsify’s security policies and testing program, conduct security audits and evaluations of prospective vendors/partners and work with outside consultants, as appropriate, for independent security audits.
• Be responsible for the security incident response program, conducting threat and vulnerability assessments, serving as the chairperson of the team, investigating actual or potential security incidents or breaches and implementing associated disciplinary and legal responses.
• Maintain a current understanding of the IT threat/risk landscape.
• Brief the executive team on status and risks, including taking the role of champion for the overall strategy and required budget. Also prepare update reports and performance metrics for Senior Management.
• Develop information security-related training and education programs, including on Salsify policies and procedures, and deliver training to staff on a regular basis.
• Respond to Customer RFP, Security Questionnaires and Customer Contracts.
• Facilitate customer assessments/audits, preparing responses and documentation for such audits, and preparing and delivering all required remedial and corrective actions.
• Evaluate, select, implement and prioritize security products and technologies.
• Monitor security and privacy trends in the SaaS / cloud technology space, and provide timely educational resources to the various Salsify teams to stay on top of relevant laws and legislation and to ensure that the security and privacy programs are updated to maintain ongoing compliance.
• Identify potential areas of vulnerability and risk. Facilitate the formulation of corrective action plans for resolution of problematic issues, while maintaining an acceptable level of risk.
• Ensure the security controls for computer equipment (laptops, mobile devices, BYOD).

You'll Enjoy This Role If You Have:

• Bachelor's Degree in Business, Computer Science or Information Systems preferred
• Professional certifications such as CISSP, CISM, and/or CISA required
• 5-10 years of demonstrated ability in the Information Security field, preferably as an auditor
• 5+ years experience with leading information security teams
• 5+ years of experience working in Cloud solutions and architectures
• 3+ years of experience working across Senior Management and presenting to C-Suite and Board Level Executives
• Experience with SOC 2 Type 2 is required, experience with ISO 27001 is a bonus
• Experience implementing information security industry and frameworks, specifically NIST and CIS frameworks; knowledge of CSAT is a plus
• Experience with RFP/InfoSec assessments for SaaS solutions
• Experience with Program/Project Management methodologies
• Knowledge and/or experience with Privacy requirements including Safe Harbor, Privacy Shield, GDPR, and CCPA
• Familiarity with SIG tools and practices

What We Have for You:

US Benefits -

• Competitive Salary
• Equity
• 401(k)
• Unlimited Vacation
• Full Benefits: Medical, Dental, and Vision Insurance
• Company-provided Life Insurance and Short Term Disability as well as additional voluntary insurance elections
• FSA: Medical, Commuter, and Dependent Care
• HSA: Tax-advantaged Medical Savings Account
• 16 Week Paid Maternity & 10 Week Paid Parental Leave Program
• Referral Bonuses

#LI-KT1 #LI-Remote

Salsify loves a good success story and it would be our privilege to help write yours! We recognize that talent and potential come in all forms and that years of experience does not guarantee on the job effectiveness or leadership potential. Our hiring process involves recognizing a person’s achievements, subject matter expertise, and passion, not just check marks next to a job description. If you have an interest in our roles please do not hesitate to apply - we would be happy to speak with you!

Salsify’s mission is to empower brand manufacturers to win on the digital shelf.

Helping brand manufacturers to win online is what we do. Our culture is who we are. We are empowered. We are positive thinkers. We take action. We care deeply. These values have driven Salsify’s growth and earned the company numerous top workplace awards.

We are headquartered in Boston, Massachusetts and have hubs in Lisbon (Portugal), Paris (France), and remote offices around the globe. If you are excited to work in a fast-paced environment with a team that values agility, curiosity and passion, we want to hear from you!

Please see our Candidate Privacy Statement for information on the personal data we process in connection with your application.

Accommodations

Salsify is committed to an inclusive hiring process, and we aim to provide accommodations for persons with disabilities. If you need any accommodations for the application or throughout the interview process please contact [email protected].