Sr Director, Head of Information Security (CISO)

POSITION TITLE: Sr. Director, Head of Information Security (CISO)

Successful applicants for this position must be fully vaccinated against COVID-19 as a condition of employment. Vaccine verification will be required.

LOCATION: San Carlos, CA or Austin, TX

POSITION SUMMARY:

The Sr. Director, Head of Information Security is a senior-level executive within Natera is responsible for establishing and maintaining the global enterprise's strategy and program to ensure information assets and technologies are protected. The role will work cross-functionally across the Natera organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles.

• Own strategy and vision for corporate information security, inclusive are application security, infrastructure security, and data security.
• Assess current needs; develop, implement, and monitor a strategic and comprehensive enterprise-wide information security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by Natera.
• Oversee critical cybersecurity areas including incident response, disaster recovery, awareness, monitoring, remediation, information governance, and digital security.
• Develop and oversee the development and enforcement of security policies and procedures based on industry- standard best practices.
• Build strong relationships within the security organization and across the enterprise order to implement the appropriate security controls to protect the enterprise.
• Partner closely with executive leadership to ensure that all applications and platforms are developed with security in mind and that appropriate security controls have been implemented while driving continuous investment into the Cyber security areas
• Promote and oversee strategic security relationships between internal and external entities.
• Utilize business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
• Work closely with internal stakeholders and business units to keep abreast of planned changes to technologies, working practices, and business activities that could have an impact on the organization's Information Security or risk profile
• Manage SOC2 audit process and assess other certifications (e.g. ISO 27001/27002, NIST-CSF, HITRUST) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy.
• Direct and assist as necessary, investigations into information security breaches liaising with the Legal, Risk and Privacy teams on data protection legislation ensuring root-causes of such breaches are understood and addressed
• Grow and manage information security team / strategize and think through team structure and growth. Directs staff in identifying, developing, implementing, and maintaining processes across the enterprise

• Bachelor/Master's degree in Computer Science, Engineering, or related fields.
• 12+ years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
• 8+ years of people management experience, leading teams to build systems, practices and policies that comply with important security standards
• Proven experience leading certifications and audits program, and adept at managing external service providers.
• In-depth expertise in security framework and certifications for public and regulated global industries, including COSO, ISO 27001/27002, HITRUST, FDA.
• Significant experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of the business
• Ability to communicate security risks in business terms that can be clearly understood at all levels of the organization
• Experience managing and configuring web applications hosted on AWS & Azure
• An excellent understanding of legislation and regulations that impact information Security E.g. GDPR, CCPA, Data Protection Act (2018), Freedom of Information Act, PCIDSS
• An understanding of current and emerging threats and countermeasures and the organizational challenges to addressing these threats
• An understanding of Application Security threats and countermeasures
• A good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, Data Loss Protection, BCP, remote working and cloud Security
• Working knowledge in the areas of Risk, Compliancy and Privacy desirable
• Excellent people leadership skills - providing direction, monitoring performance, motivating staff and building a positive working environment

• Duties are typically performed in an office setting. This position requires the ability to use a computer keyboard, communicate over the telephone and read printed material.
• Duties may require working outside normal working hours (evenings and weekends) at times.
• Travel required for this position: No