Director, Information Security Jobs

Top Hat is seeking a Director, Information Security to lead our InfoSec practice, including Product and Enterprise security. Reporting to the CTO, you’ll plan and execute security initiatives across the company, starting with leading our program to achieve StateRAMP certification. You’ll work with executive management to determine acceptable levels of risk for the organization, assess the current state of risk, and put forth treatment plans to meet the security objectives. This position is responsible for establishing and maintaining a corporate-wide information security management program, privacy regulation controls, and a compliance program to ensure that information assets are adequately protected. You’ll take ownership of our security vision, roadmap, and practices going forward, working closely with our Engineering, IT, and Legal leadership and teams.
We take a DevSecOps approach to delivery and production ownership. This applies to our security strategy as well: as the primary owner of security for the organization, you’ll directly manage security projects as well as establish and enable patterns and policies to ensure strong security practices are adopted within each of our functions, domains, and teams.
This role can be based out of our Toronto office, or fully remote, anywhere in Canada or the US.
You Will:

• Evangelize and advocate for strong security practices across the organization.
• Set the vision for our security roadmap and evolve and expand our existing security practices to meet or exceed market requirements.
• Build a culture of security ownership rooted in shared values.
• Take ownership of our StateRAMP compliance program and drive it to timely completion.
• Work in a continuously deployed AWS cloud environment.

You Are:

• Experienced with cloud computing technologies, managing cloud infrastructure as code, and with security commitments to customers and partners.
• A pragmatist. You understand that security policies are driven by market requirements and risk management. You are comfortable advising executive leadership and making decisions based on risk/reward assessments.
• Knowledgeable of relevant legal and regulatory requirements such as StateRAMP, Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA) and frameworks, such as ISO/IEC 27001, and NIST.
• A values and people oriented leader who can drive change through advocacy and influence.
• Highly experienced in developing information security policies and procedures, as well as successfully executing programs
• Biased to action and obsessed with delivery. You get things done.
• Experienced with leading Application Security, DevOps, or Cloud Security functions
• Skilled at communicating security and risk-related concepts to technical and non-technical audiences
• A leader with demonstrated success driving enterprise security and compliance programs who still wants to get your hands dirty and contribute directly to implementation.
• Empathic and emotional intelligent to lead a diverse group of engineers and managers at varying stages of their careers

Why team members love working at Top Hat :

• A team that cares deeply for customers and for each other
• A management team focused on performance, growth, engagement and connection
• A noble mission that creates meaningful, fulfilling work
• Innovative PTO policy with lots of time and space for self-care
• An awesome and welcoming Toronto HQ, and a growing sales hub in Austin, Texas
• Professional learning and development for all role levels
• Competitive health benefits that start on day one
• We’re a company of invested owners - every Top Hatter receives stock options
• Passionate customers that believe in us—and what we do
• Our winning strategy and market potential