Vice President of Information Security

What We Are About:

The Security Team at Illumio is unique: it serves our customers, employees and stakeholders by creating, delivering and managing a comprehensive security program that assures the security of Illumio’s core enterprise software products and cloud offerings, delivering trusted services, and driving activities which safeguard information assets against unauthorized disclosure, modification, damage or loss.

What You Will Accomplish:

  • As Vice President of Information Security, you will lead all security functions within Illumio across Information Security (InfoSec), Application Security (AppSec), as well as Infrastructure Security.

  • Security is a cross-functional activity, and this role requires that you can set security direction and influence other experts in different areas of the company to follow that direction across all functions throughout the organization, including members of the executive staff.

  • You will accomplish all this while managing and growing a team of direct reports. You will model that success in this role is achieved by leading through influence, not dictating.

  • Your Information Security team will be responsible for setting a company-wide security policy and resolving any compliance issues, including SOC2 and other necessary best-practice compliance requirements.

  • You will be called on to be the voice of Security when involved in customer conversations about security and compliance of the Illumio Platform. In addition, you are responsible for driving a Security Incident Response Program. This program involves driving any security incidents to closure, including helping craft customer communications in regard to Security.

  • Your expertise will be called on when running a company-wide Risk Assessment, and you will help set company security strategy using a risk-mitigation-based approach.

  • Your role in Application Security would involve improving the (security-engrained) SDLC program at Illumio, with responsibility to help in tool selection for improving the code development practices, as well as directing your internal Application Security (AppSec) team. You will also manage the engagement of a third-party testing group that would externally evaluate the product from a code review and penetration testing perspective.

  • As the Vice President of Security, your efforts in Infrastructure Security would cover overseeing the implementation, leading discussions and authoring security opinions.

  • You will work hand in hand with IT, covering traditional infrastructure such as VPN, Firewall, Data Center/Colo.

  • You will be responsible for reviewing the Salesforce deployment, as well as other SaaS services we leverage or external providers we engage with (e.g. HubSpot, Office365, OneLogin), as well as our identity and access management choices.

  • In addition, working with our production operations team, your responsibility would cover a growing cloud infrastructure footprint in AWS and other CSPs, both for dev/test as well as production.

  • Create the overall security strategy and lead your team to develop and deploy security solutions to ensure that our customer data is protected.

  • Lead the security incident response process, including the ongoing monitoring of threats and vulnerabilities, and response to security events.

  • Lead the development and/or maintenance of the security monitoring and incident response strategy; develop plans that align with the strategy.

  • Work with Product Management and Engineering to ensure that security is engineered into the solutions that we deliver to our customers.

  • Manage the development and implementation of policies, standards, and procedures to ensure the ongoing maintenance of security.

What You Will Bring:

  • Relevant BA/BS degree or equivalent combination of education and experience. 

  • Proven ability to build and enhance a security program.

  • 10+ years leading the security initiatives at a SaaS or similar company.

  • Knowledge of and experience with enterprise infrastructure architecture, service design, business practices, and industry trends. 

  • Knowledge of enterprise security relevant legal/regulatory requirements and industry trends. 

  • Excellent interpersonal/relationship skills and a proven ability to engage with and align senior executives. 

  • Excellent presentation and communication skills. 

  • Ability to motivate people, instill accountability, and achieve results. 

  • Ability to work effectively with a wide range of individuals including developers, executives, customers, regulators, auditors, etc. 

  • Proven track record of instituting and managing security initiatives.

  • Experience in designing enterprise-wide information security capabilities, processes, and organizational structures.

  • Experience with intrusion detection systems and forensics tools.

  • Knowledge of a variety of real-world attack and mitigation types.

  • Experience teaching and applying security engineering practices to software engineers.

  • Working knowledge and proven track record of implementing various compliance frameworks including: SOC2 Type I & II, ISO 27001/ISO 27018, NIST CSF, NIST 800-53 r4, FedRAMP.

  • CISSP, CISM, and other relevant certifications.  

Bonus Points:

  • Other industry certifications in security, technology, and/or business management are a plus (e.g., GIAC, CCIE, CISM, CISA). 

  • Security Standards Development. 

  • Technology Service Development. 

  • Information Classification Modeling. 

  • Risk Management. 

  • Budget Forecasting.  

Who We Are

Illumio enables organizations to realize a future without high-profile breaches by providing visibility, segmentation, and control of all network communications across any data center or cloud. Founded in 2013, the world’s largest enterprises, including Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite, trust Illumio to reduce cyber risk. For more information, visit
