Senior Information Technology Security and Compliance Director

SugarCRM

Job Details

Location: Denver, Denver County, Colorado, USA

Posted: Dec 09, 2019

Job Description

About SugarCRM, Inc.

SugarCRM is a customer experience leader enabling businesses to create profitable customer relationships by delivering highly relevant, personalized experiences throughout the customer journey. We empower companies to strengthen existing customer relationships, create new ones through actionable insights and intelligent automation and better understand the customer at every stage of the journey. This enables businesses to accelerate demand generation, grow revenue, deliver superior customer care and increase loyalty. Our easy-to-use, intuitive platform makes customer experience easy and accessible for everyone, allowing marketing, sales and services professionals to focus on high-impact, value-adding activities that create customers for life.

Where do you fit?

The Information Security Director/Senior Director will be responsible for the Information Security management process within SugarCRM. You are well-versed in security architecture, compliance and controls; familiar with current and emerging threats; able to develop risk mitigation strategies required to protect the confidentiality, integrity and availability of information systems and (internal and external) client data; and proficient at working with internal business units and vendors to resolve risk issues and develop efficient and effective action plans and strategies.

Activities include independently performing risk assessments; preparing detailed risk assessment reports for management approval; assisting end users in understanding security issues and developing mitigation strategies; and staying current on regulatory requirements, industry standards, data security frameworks and best practices.

You will bring experience in conducting security risk assessments, penetration testing and vulnerability scanning, and in working with complex technology systems, managing projects and providing security services, as well as excellent verbal and written communication skills and the ability to understand business requirements in order to make decisions on appropriate risk strategies.

Keeping you busy will also include establishment and enforcement of security policies and standards across the company, including software engineering, finance, operations, IT and Internal Applications. The SugarCRM security standpoint is an emerging function, providing the opportunity for significant growth in knowledge and experience in the areas of information security, risk management, privacy and audit.

Impact you will make in the role:

  • Support all SOC 2 compliance related activities for the Company including audit preparation, supporting customer requests for security audit responses, etc.
  • Support and oversight of security within 7x24 operations: production; engineering; and corporate environments both hosted (AWS) and on premise
  • Review and audit all aspects of the Information Security Program
  • Coordinate scheduling of assessments as well as respond to requests for information
  • Manage security and operational audits; regulatory agencies; and industry leading security vendors
  • Participate in the development and documentation of enterprise-wide security policies and procedures
  • Manage the successful implementation and enforcement of security policies and procedures.
  • Help manage the implementation of security initiatives
  • Manage remediation of any findings from internal or external assessments
  • Identify security risks and develop solutions to eliminate or minimize risks
  • Lead in the Security Incident Response Team
  • Champion the Security & Privacy Awareness Program
  • Perform User Administration for key security tools and systems
  • Conduct regular security audits/scans using industry security tools (including Open Source)
  • Support 3rd party information requests related to Company’s security policies, procedures, strategy, tools in use, etc.

Expertise you will bring in:

  • CISSP certification
  • BA or BS in Computer Science, Information Systems or related field, or relevant experience
  • Advanced degree with emphasis in information technology highly desirable
  • 10+ years in an information security, audit and compliance role with progressive experience in the following areas:
  • SOC 2 compliance and support
  • PCI Security
  • Security policy development
  • Security audits and assessments
  • Information or IT risk management and compliance
  • Hands-on System Administration for Windows, Macs and various Linux flavors
  • Moderate-level knowledge of and experience with:
    • TCP/IP architecture, routing protocols and network security in general
    • Cross OS security concepts and integrations
  • Knowledge of some of the following areas a must:
    • Software development security
    • SaaS provider
    • Cloud ops (AWS-GitHub)
    • Compliance frameworks (ISO, PCI, HIPAA, SSAE-16, Safe Harbor, etc.)
  • Experience establishing, implementing and running a compliance program to support SOC 2
  • Excellent communication, organization and presentation skills
  • Ability to be cross functional across technical areas as a security expert
  • Ability to multi-task
  • Passion in the field of information security is a must
  • Prior experience in a regulated industry
  • Prior experience dealing with PII highly desirable
  • Prior public company experience highly desirable
  • Prior experience with SOX
  • Prior demonstrated experience with GDPR

Location: Denver, CO

We are an Equal Opportunity, Affirmative Action employer. Minorities, women, veterans and individuals with disabilities are encouraged to apply.

Benefits and Perks:
Beyond a stellar work environment, friendly people, and inspiring, innovative work, we have some great benefits and perks:
  • Competitive salaries
  • Excellent medical, dental and vision coverage for you and your family, along with other benefit plans like 401(k) match
  • Unlimited Paid Time Off
  • Wellness Reimbursement Program
  • Onsite Programs, depending on location, such as Dry Cleaning, Car Washes, Massage, Yoga, and more
  • Career & Personal Development Program – multi-platform
  • Regular social events
  • Ownership is the greatest self-identity at SugarCRM - you are making an impact now
  • We are a merit-based company - many opportunities to learn, excel and grow your career


Note to Recruiters and Placement Agencies: SugarCRM does not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any SugarCRM employee. SugarCRM will not pay fees to any third-party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of SugarCRM and will be processed accordingly.

About SugarCRM

SugarCRM is a software company based in Cupertino, California. It produces the web application Sugar, a customer relationship management (CRM) system.
