Head of Security & Compliance

Job Title: Head of Security & Compliance
Job ID: 27362782
Location: New York, NY 10017

Description


WHO WE ARE

Cloud9 Technologies is a voice communication and analytics platform for institutional traders. We leverage cloud services including AWS, a wide array of web services, WebRTC, as well as advanced deep learning techniques to empower firms with the benefit of modern communication tools and enhance trader workflow with actionable voice data & analytics.

Our company was started in 2014 by a team of motivated entrepreneurs and highly successful industry veterans who have started several businesses and taken multiple companies through public offerings. We are well funded, with investors including J.P. Morgan, Barclays, NEX, and Point72 Asset Management. Cloud9 has been profiled in publications such as the Wall Street Journal, Forbes, and Waters Technology. Our award-winning technology was named the 2017 Best Sell-Side Trading Communication System by Waters Technology for the second year in a row, recognized in the Top 10 innovative solutions of the year by the Futures and Options Industry Association, and named to the CB Insights Fintech 250 and the FinTech Global RegTech 100.

By bringing together an experienced group of engineers, product managers, and industry experts, Cloud9 developed a communications platform for the trading floor of the future – offering more functionality and analytic insight than legacy hardware at a fraction of the cost.  We’re a group of pioneers who enjoy solving challenges and building disruptive technology – and we’re looking to hire the best and brightest.

Join our team to contribute to the development of the most secure, compliant, and reliable communications platform in the financial services industry.

 

WHAT YOU WILL DO

 

As Head of Security and Compliance, you will be responsible for Cloud9’s information risk management program and driving the mindset that information security is critical to our business success.  Reporting to the Chief Technology Officer, you will identify, evaluate and report on regulatory, privacy, IT and cybersecurity risk and compliance.  You are responsible for establishing and maintaining the information security program across the enterprise to ensure information assets and associated technology, applications, systems infrastructure, and processes are adequately protected. 

Information Security

  • Ensure continuous compliance with ISO 27001 & SOC2 Type II

  • Develop and maintain strategy to enhance Cloud9 security while maintaining budget and costs

  • Ensure information security-related legal & contractual requirements are met by Cloud9 

  • Manage day-to-day activities for information assets & access management

  • Perform regular measurements to assess conformance to the ISO 27001 standard

  • Ensure compliance in vulnerability management by overseeing and controlling static and dynamic application and environment scans (Tenable, Veracode, Whitesource)

  • Manage annual Pentests, BCP & Data Breach activities

  • Ensure all security issues are groomed, prioritized, tested and deployed as part of Cloud9 Agile Scrum SDLC

  • Conduct risk reviews and annual internal & external audits

  • Ensure 3rd party contractor compliance to Cloud9 policies and processes

  • Manage access security of users to Atlassian Suite (JIRA, Confluence, BitBucket)

Privacy

  • Maintain and build upon Cloud9’s current global privacy program

  • Develop, implement and maintain privacy policies and procedures in accordance with applicable law

  • Oversee response to regulatory inquiries relating to privacy including data subject access requests

  • Partner with the business to implement a control environment for products and solutions that complies with regulatory obligations, including privacy by design

  • Conduct privacy risk assessments   

  • Guide the development teams in their privacy-by-design efforts

Customer Compliance and Security

  • Lead Third Party Oversight (TPO) efforts in coordination with Cloud9 DevOps team 

  • Manage TPO audits with customers and provide status to customers as necessary

  • Manage deadlines for TPO findings and resolutions

  • Identify projects and collaborate with Development, QA, Product and DevOps teams to ensure delivery

  • Review all privacy matters in customer and vendor contracts 

  • Own the responses to privacy and security portions of customer RFPs

Training

  • Assure that staff are properly trained on information security and privacy compliance matters and that training fits within an approved budget

  • Ensure training compliance company-wide and within the Cloud9 ISMS team

 

Required Skills and Experience:

  • Bachelor’s degree in Computer Science or related field required

  • 5-7 years of experience in risk management, information security, IT and privacy

  • Strong knowledge of information security best practices, standards and frameworks such as ISO/IEC 27000, PCI, HIPAA

  • Proven track record and experience in developing information security policies and procedures, ideally in a fintech environment

  • Strong understanding of various technologies and their application in financial services and communications, such as network infrastructure and protocols, voice technology, WebRTC and AWS

  • Knowledge of GDPR, CCPA, PDPC, SHIELD Act and related privacy regulatory regimes

  • Knowledge of AWS products and architecture

  • Knowledge of SIEM data collection best practices

  • CISSP, CAP, or CISA certification is a plus

 

Competencies

  • Strong documentation, written and verbal communication and presentation skills

  • Project management training is a plus

  • Multi-tasking, planning and organizational capabilities

  • Detail-oriented individual

  • Willing to learn and have fun!

 

Supervisory Responsibility

Manage compliance associate.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

The employee is occasionally required to sit; climb or balance; and stoop, kneel, crouch or crawl. The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.

Position Type/Expected Hours of Work

This is a full-time position: Monday through Friday, 8:30 a.m. to 5 p.m.

Travel

No travel is expected for this position.

Additional Eligibility Qualifications

None required for this position.

Work Authorization/Security Clearance

Citizenship or legal visa status in the country they are employed.

AAP/EEO Statement

Cloud9 Technologies LLC values diversity of culture and thought and seeks talented, qualified employees in all its locations around the world regardless of race, gender, national origin, religion, sexual orientation, disability, age or any other protected classification under country or national law.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.