Chief Information Security Officer

About Us:

SingleStore is a late-stage venture-backed database company revolutionizing the way businesses manage and utilize data. Our cutting-edge technologies empower organizations to harness the full potential of their data securely and efficiently. With a commitment to innovation and excellence, we are poised for significant growth and seeking a dynamic Chief Information Security Officer (CISO) to lead our information security efforts.

SingleStore empowers the world’s makers to build, deploy and scale modern, intelligent applications on the only database that allows you to transact, analyze and search data in real time – elevating human lives.

Role Overview:

As the Chief Information Security Officer (CISO) at SingleStore, you will be responsible for owning all aspects of information security to safeguard our systems, data, and assets. This is a critical leadership role where you will define and implement comprehensive security strategies, policies, and procedures to ensure the integrity and availability of our product. You‘ll build an accountable, trusted and security-conscious culture. Partnering closely with Engineering, DevOps and company executives, you‘ll create a system security infrastructure built on high-quality standards, guidelines and controls that is regularly tested and reported and meets regulatory expectations.

Key Responsibilities:

• Develops, implements, and monitors a strategic, comprehensive information security and risk management program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets; drives, maintains, and regularly updates IT security strategies, plans, and implementation roadmap.
• Plans, directs, and coordinates information security policies, procedures, standards, guidelines, and controls to ensure that all information systems are functional, secure, and compliant with privacy laws and regulations.
• Ensures the 24/7 monitoring of access to all systems and maintenance of access control profiles on computer networks and systems; monitors threats and takes preventive measures to mitigate the impact of known and unknown threats; designs and executes penetration tests and security audits.
• Oversees identity and access management; ensures documentation of access authorizations is maintained for all applicable resources; develops and maintains appropriate segregation of duties within and across applications.
• Oversees data lifecycle management; ensures prevention of data loss is maintained for all critical/sensitive assets; develops and maintains a data classification program that properly classifies all assets as to sensitivity and criticality.
• Ensures the installation, modification, enhancement, and maintenance of system security software.
• Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities; develops and maintains the Incident Management Plan and escalates possible incidents to the Security Incident Response Team; serves as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning.
• Maintains a current understanding of the threat landscape for the industry; liaises with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and advancing threat landscape.
• Ensures compliance with changing laws and applicable regulations. Directs member and employee data security awareness and education; ensures cyber security policies and procedures are communicated to all employees.
• Oversees and coordinates all regulatory examinations and audits. Remediates all findings or coordinates organizational risk acceptance. Regularly interfaces with regulatory/audit personnel to ensure delivering of all required documentation/artifacts.
• Reviews/prepares security program status, industry trends, and risk report presentations.
• Conducts on-demand voting committee member meetings as needed to review residual risk acceptance.
• Develops annual objectives and budgets; builds, leads and inspires a highly skilled and diverse department to accomplish approved objectives within the approved budgets; fosters a culture of trusted cross functional partnership, service, collaboration, and continuous improvement.
• Partner and align with Product, Engineering, SRE, Networking, Infrastructure & Operations, and other key departments to reinforce product security to drive and automate secure development practices, while maintaining business needs and mutually agreeable timelines.
• Performs Business Resumption planning for assigned departments and validates the adequacy of the plans.
• Evaluates, selects, and approves vendors to maintain the quality of member services; manages vendor relationships to ensure achievement of department goals and maximum benefit for the credit union and its members.
• Establish and enforce security policies, standards, and procedures to ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001).
• Lead efforts to achieve and maintain relevant certifications and attestations.
• Conduct regular risk assessments and audits to identify vulnerabilities and prioritize remediation efforts.

Qualifications:

• Master’s degree or relevant certifications (e.g., CISSP, CISM) preferred
• Proven experience in a senior leadership role within information security, preferably in a technology or data-focused company.
• Extensive experience in managing cyber security initiatives and ensuring compliance with security standards
• Strong experience of relevant compliance frameworks and regulations (e.g., Fedramp, GDPR, HIPAA, SOC 2).
• In-depth knowledge of cloud services and experience with cloud architecture and management
• Experience scaling a security program in a fast-paced environment. Ideal experience would be experience working at a start-up or a technology company that has gone through a period of fast growth.
• Experience in developing security functions and maturity in a fast-paced global organization, mitigating critical security risks and implementation of security technologies
• In-depth knowledge of security principles, standards, and technologies, including but not limited to encryption, access control, network security, and identity management.
• Demonstrated experience in developing and implementing security strategies and initiatives.
• Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels of the organization.

Other:

• Employment Status: Full Time
• Work Authorization: Eligibility to work for US based employer. For US based employees, SingleStore is able to facilitate the transfer and sponsorship of visas.
• Location/Working classification: US/ Remote/ Hybrid

Consistent with our commitment to diversity & inclusion, we value individuals with the ability to work on diverse teams and with a diverse range of people.

SingleStore values individuals for their unique skills and experiences, and we’re proud to offer roles in a variety of locations across the United States. Salary is based on permissible, non-discriminatory factors such as skills, experience, and geographic location, and is just one part of our total compensation and benefits package. Certain roles are also eligible for additional rewards, including merit increases and annual bonuses.

Our benefits package for this role includes: stock options, flexible paid time off, monthly three-day weekends, 14 weeks of fully-paid gender-neutral parental leave, fertility and adoption assistance, mental health counseling, 401(k) retirement plan, and rich health insurance offerings—including medical, dental, vision and life and disability insurance.

SingleStore’s base salary range for this role, if based in California, Colorado, Washington, or New York City is: $220k to $250k baseUSD per year.