- Serve as the top security executive, leading an ongoing and successful corporate-wide program, and driving a culture of security throughout the company
- Create a strategic security and IT roadmap based on current state gap analysis and continuous improvement. Define a multi-year plan and budget, and execute against the roadmap
- Translate technical risks into interpretable organizational risks for a wide range of corporate audiences, including the Board and senior leadership
- Manage a growing team of talented information security and IT professionals
- Earn our customers’ trust through the execution and maintenance of effective externally facing documentation, security questionnaires, and audits
- Partner with our legal, compliance, technology, and internal controls teams to ensure our practices are in line with corporate and regulatory policies
- Design and lead the implementation of security projects, working cross-functionally with our technology, HR, and business teams
- Advise and implement security tactics across DevOps and CI/CD practices operating in the public cloud
- Mature the SOC to detect and mitigate potential threats, and lead the investigation of issues
- Lead internal and external security audits using a rigorous and repeatable methodology, and provide consistent reporting of results
- Build a world class IT Operations and End User Services organization that maintains a highly collaborative working relationship with the end user community and fellow engineering and technology teams
- Drive a frictionless and flawless user experience for all EverCommerce employees while maintaining high levels of employee satisfaction scores, process improvement, automation, and self-service
Qualifications:
- 15+ years of total experience in security and IT leadership with executive management responsibilities at a SaaS company. Experience leading global teams and managing MSPs (managed services providers)
- Experience as a key actor (auditor, domain owner, etc.) in security certifications such as PCI, SOC 2, ISO 27001, and HIPAA
- Proven track record implementing and managing incident response, threat intelligence, DLP, IAM, SOC management, security architecture, and risk assessments
- Strong familiarity with common security libraries, tools, controls, and common security flaws that apply to software development including, but not limited to, SAST, DAST, IDS, IPS, Logging, Encryption, IAM.
- Strong ability to influence engineering staff and business partners on security and IT architecture and project roadmaps to drive positive change
- People and budget management experience
- Superior written and verbal communication skills necessary to drive cross-functional collaboration, create executive leadership awareness and alignment, and build confidence with external auditors and customers
- Thorough understanding of the software development lifecycle and the corresponding role and impact of information security
- Working knowledge of best practices for operating in the public cloud, including tactics for software deployment, continuous delivery, and infrastructure-as-code
- Willingness to take ownership of problems, drive alignment, and push forward with solutions
- Ability to operate at both strategic and operational levels. Strong executive presence and willingness and ability to roll up your sleeves and get involved to mentor and deliver if needed.
- Hands-on experience in several key areas of cyber security, including PEN testing, secure coding techniques, vulnerability management, network administration, event management, forensics, DLP, threat management, IAM, and risk assessment
- Battle-tested in stressful and high-pressure incident response scenarios. Ability to remain calm under pressure and to multi-task
- Bachelor’s degree in computer science, a similar technical field of study, or equivalent experience.
- Relevant professional certifications such as CISSP
EverCommerce is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, age, marital status, veteran status, or disability status. We look forward to reviewing your credentials and getting to know more about your experience!