Finalsite is the preferred website, communications, and marketing platform of more than 8,000 schools worldwide. The company’s people, products and services transform how schools connect and engage with their community, recruit students and staff, and fundraise; while managing the complex requirements around data privacy, accessibility, hosting and security. Finalsite products and services include award-winning website designs, a robust content management system, a powerful enrollment management system, innovative inbound marketing tools, data integration, training, support and marketing consulting. With a 96% retention rate year-over-year, Finalsite is the choice of over 6000+ schools in the U.S., and international schools and universities in over 115 countries around the world. The company is a remote-first company headquartered in Glastonbury, CT with teams in Austin, TX, Chennai, India, U.K and Bogota, Colombia. For more information, please visit www.finalsite.com.

MISSION

Finalsite’s mission is to help schools prepare students to be successful and make the world a better place.

VISION

Finalsite will transform the way school communities engage with their schools.

LOCATION

100% Remote - Anywhere within the US.

SUMMARY OF THE ROLE

Finalsite is seeking a Vice President of Security Engineering to develop, lead and manage security engineering initiatives. We believe that security needs to be built in, not bolted on. Whether we’re talking about Finalsite’s code, operations, or roadmap, security is at the core.

As VP of Security Engineering, you’ll craft the vision and execution plan for taking our security program to new heights. You’ll have responsibility for and ownership of the entire product security and IT security program, including secure design, threat detection and prevention, and more. In these efforts, you’ll be partnering with and supported by engineering, SRE, IT and Legal teams.

WHAT YOU'LL DO

• Lead the team from the front: directly involved in the design, implementation, and management of Finalsite’s security efforts across product, engineering and IT
• Ensure that we have an always-current threat model that informs the security program priorities
• Establish and implement security policies, procedures, standards and guidelines
• Partner with engineering and product to design highly secure systems and features in the implementation, certification, and maintenance of compliance standards (NIST, ISO 27001/ISO27701, SOC2, GDPR, CCPA, etc.)
• Work with executives and security professionals from our enterprise customers who are evaluating Finalsite and our security posture
• Responsible for security operations including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
• Develops, trains, and mentors the Information Security Engineering team to grow their technical and professional capabilities

WHAT WE'RE LOOKING FOR

• Bachelor's degree in Computer Science, Engineering, or related technical field
• At least 5 years of hands-on software engineering experience
• At least 3-5 years in a leadership role within security engineering, with a demonstrated ability to break down large problems and get things done
• Hands-on experience in software development - preferably with public cloud computing technologies such as AWS, Azure, or GCP
• Hands-On experience in an enterprise software product company with fast-moving software development teams
• Ability to work cross-team and communicate effectively with people from a variety of different backgrounds and different levels of security awareness
• Experience working with and managing 3rd party cyber security providers for pentest, compliance certification such as ISO-27001, managed service providers such MDR, cybersecurity remediation, incident response teams, etc.
• Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, SOC2, FedRAMP, ISO/IEC 27001/27701, and NIST security principles
• Certifications (preferred): CISSP, CISM, Security+
• Strong written/oral communication skills required along with the desire and ability to communicate with business leaders at all levels of the organization
• Strong analytical and problem-solving skills

Link to All Staff Competencies and Mental and Physical Requirements

RESIDENCY REQUIREMENT

Finalsite offers 100% fully remote employment opportunities, however, these opportunities are limited to permanent residents of the United States and the United Kingdom, unless otherwise restricted in the job description above. Current residency, as well as continued residency, within the United States or United Kingdom, are required to obtain (and retain) employment with Finalsite.

DISCLOSURES

Finalsite is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. EEO is the Law. If you have a disability or special need that requires accommodation, please contact Finalsite's People Operations Team. Finalsite is committed to the full inclusion of all qualified individuals. As part of this commitment, Finalsite will ensure that persons with disabilities or special needs are provided a reasonable accommodation.