Vice President, Information Security

Engineering · Remote · Remote possible

Job description

About InvoiceCloud

InvoiceCloud is a leading provider of online bill payment services. Founded in 2009, the company has grown to be one of the leading disruptors in the cloud-based electronic bill presentment and payment (EBPP) space, helping institutions put customer experience first. By switching to InvoiceCloud, clients can improve customer engagement, loyalty, and efficiency while reducing churn and missed payments in the process. With over 50 million payments processed annually, InvoiceCloud is one of the most secure, innovative, and inclusive fintech solutions in the market. To learn more, visit www.InvoiceCloud.com

The fundamental duty of the Vice President, Information Security is to reduce or eliminate the security risks to InvoiceCloud's intellectual property, data, critical infrastructure and other information and physical assets.  They are primarily responsible for establishing and maintaining the governance, strategy, actions, processes, policies, tools, partnerships, and other controls designed to protect those assets from unauthorized access, use, theft, tampering, or damage.  The Vice President, Information Security will report to InvoiceCloud’s General Counsel.

More detailed responsibilities for the Vice President, Information Security role include, but are not limited to the following:

  • Build and maintain a culture of security for the organization where security is a forethought, not an afterthought and is integral to the key ingredients of success for InvoiceCloud.
  • Develop and nurture a team of crack security professionals focused on honing their craft while improving the reputation of InvoiceCloud as a market leader in digital payment and customer engagement services.
  • Assemble a network of key stakeholders, service providers, and industry experts to provide the Vice President, Information Security and their team the necessary support in pursuit of their objectives.
  • Foster collaboration, encourage diverse thought and productive debate, and inspire innovation that quickly produces solutions to security challenges.
  • Promote a security vision aligned with InvoiceCloud’s mission and company objectives through actions and communication.
  • Develop security capabilities that present obvious value to customers and are recognized as competitive differentiators.
  • Abstain from creating security impediments to product innovation and customer engagement.

The Vice President, Information Security will also be responsible for maintaining a comprehensive security program that includes coverage for the following domains including but not limited to:

  • Oversight, governance, and management: ensure that security operations run smoothly and in a manner that continuously improves the overall security maturity level as measured against industry-standard frameworks such as HITRUST, PCI-DSS, NIST CSF, SP 800-53, 171, or others; maintain compliance with standards commensurate with business needs; maintain communication with key leaders such that risks are known and managed.
  • Open-source software: continually evaluate the suitability and integration of open-source software and services; maintain and expand understanding of open-source software, licensing, and ecosystem; develop and oversee open-source security policies, protocols, and procedures; and conduct security research on the latest open-source threats, vulnerabilities, and mitigation strategies.
  • Artificial intelligence: develop and implement a GenAI security strategy that aligns with InvoiceCloud's objectives and the regulatory landscape; ensure compliance with AI-specific security frameworks; lead efforts to identify and mitigate vulnerabilities specific to GenAI systems; and collaborate with development teams to integrate security best practices into the deployment of AI models.
  • Security architecture and strategy: plan, budget, procure, and implement security strategy as an integrated function inside business operations and product development; design and implement a security architecture that is aligned to and supportive of business goals.
  • Threat intelligence and risk assessments: maintain awareness of current and potential security threats, breaches, and attack vectors through a variety of channels; provide company executives with insight and warnings on possible issues with vendors, partners, customers, potential mergers or acquisitions, and other material business strategies or relationships.
  • Legal and compliance integration: continuously maintain a proactive posture and level of preparedness for pending legislation or industry shifts impacting applicable information security; foster an assertive bias towards innovation in integrating information security practices into the fabric of the organization.
  • Security operations: real-time threat detection, analysis, response, and remediation; general security hygiene, patch management, and security awareness training/testing; incident response and management; comprehensive vendor risk management.
  • Data loss prevention: ensure data, information, assets, and proprietary property remain secure from corruption, misuse, and theft.
  • Investigations and forensics: assemble the capabilities, including but not limited to technology and team, to conduct investigations with the appropriate chain of custody and forensic procedures to determine the potential indicators of compromise for a known or suspected security breach, leak, hack, or other related issue; work with law enforcement, internal and external legal counsel to conduct the investigation in a discreet and confidential manner; incorporate finding information and remediation activity into controls to prevent future issues.
  • Application security: ensure that engineering teams are trained and consistently exercising application security best practice in accordance with industry standards; ensure that application risks are known and mitigated in both internally and externally developed software.

What success looks like:

First 30 days

  • Gain business and organizational context:
    • Research the business model, product offering, and organizational structure of InvoiceCloud.
    • Observe meetings.
    • Insert into communications streams (Slack, Teams, email, recurring meetings).
  • Build relationship map for achieving goals, removing obstacles, and strategic alignment.
  • Meet with company’s executive leadership team members.
  • Present initial overview of business context and key relationship map to General Counsel.

First 60 days

  • Establish an understanding of InvoiceCloud’s information security profiles that identifies the applicable controls, frameworks, and relative maturity levels.
  • Evaluate the existing security program goals, progress, and effectiveness.
  • Review available information security risk artifacts, including incident reports, risk register, program documentation, training material and other relevant information, identifying specific improvement opportunities and themes.
  • Assess existing team member talent, experience, productivity and summarize key findings, observations, themes, and actions to discuss with General Counsel.
  • Present an initial draft of a comprehensive security strategy plan document to the General Counsel that outlines organizational structure requirements, key actions, long and short-term objectives, high-level budget needs, and timeline for execution.
  • Prepare an observations and action report for executive leadership team presentation.

First 90 days

  • Deliver final comprehensive security strategy plan document that outlines centralized and harmonized security reporting strategy, organizational structure, key actions, long and short-term objectives, high-level budget needs and timeline for execution.
  • Develop an annual budget and goals aligned with overall InvoiceCloud planning process.

Qualifications

  • Bachelor's degree in IT, Computer Science, Computer Engineering, or related technical field; Master's degree or MBA preferred
  • 10-15 years of relevant experience in information security
  • Aptitude to articulate technical and security content in a manner that non-technical audiences can understand.
  • Experience with enterprise-level governance and policy development.
  • A developed network of security professionals, law enforcement contacts, and vendor relationships.
  • Knowledge of and personal certification in various industry standards, frameworks, and programs.
  • Experience with application security.
  • Accustomed to customer and prospective customer interaction and communication.
  • Knowledge of current relevant legislation as well as potential and upcoming legislation and ethical considerations impacting information security practices and requirements.
  • Incident management and remediation skills.
  • Strategic management, planning, and budgeting skills.
  • A diverse background in various fields of technology and business.

Benefits

We offer a competitive benefits program including:

  • Medical, dental, vision, life & disability insurance
  • 401(k) plan with company match 
  • Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
  • Mental health resources
  • Paid parental leave & Backup Care
  • Tuition reimbursement
  • Employee Resource Groups (ERGs)

InvoiceCloud is an Equal Opportunity Employer. 

InvoiceCloud provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.  

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.  

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact jobs@invoicecloud.com


To all recruitment agencies: InvoiceCloud does not accept agency resumes. Please do not forward resumes to our jobs alias, employees, or any other organization location. InvoiceCloud is not responsible for any fees related to unsolicited resumes.
