Director of Information Security
: Job Details :

At Bluebeam, we empower people to advance the way the world is built. We create smart software solutions that make construction sites more efficient, connected, and safe and improve the lives of design and construction professionals everywhere.This position will provide leadership and accountability for Bluebeam's information security program. It is responsible and accountable for establishing, planning, administering, and evaluating the overall policies, goals, and procedures company-wide for the information security program. Relevant, collaborative leadership experience, proven execution ability, and technical cybersecurity competency are key indicators of success for this role.Responsibilities:

Defines and owns a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk.

Creates quarterly, annual, and long-term cybersecurity and cyber risk management goals, articulates strategies, defines metrics, and provides necessary updates to executive leadership and the Security Steering Committee.

Builds and inspires a highly skilled and diverse Security team. Fosters a culture of trusted cross-functional partnership, service, and continuous improvement.

Partners with Product & Engineering leadership for the development, planning, and execution of major security initiatives, ensuring secure development and overall technology and security planning in line with Bluebeam's product roadmap and R&D innovations team.

Oversees product review assessments and promotes the implementation of security technologies.

Collaborates with peer members of the greater global Nemetschek security team and leads security initiatives for the US-based brands to establish and promote appropriate security standards throughout the Nemetschek Group and provides an effective governance structure to ensure cyber compliance and accountability.

Mentors internal Bluebeam and Sister Brand security team members.

Leads Security Incident Responses, Vulnerability assessments, Third Party Information Security assessments, Data Protection and Encryption, Identity & Access Management, and Privileged User Access to protect both customer and employee data.

Coordinates responsive actions for disaster recovery, business continuity, and incident response plans.

Develops and coordinates response plans to ensure timely response to information risk-related incidents.

Builds and inspires a highly skilled and diverse GRC and Privacy team, staying abreast of new regulations affecting the business and driving a culture of compliance throughout the organization.

Partners with business stakeholders across Bluebeam and the Nemetschek group to raise awareness of risk management concerns, including advising system owners on the security posture of their systems.

Oversees the continued development and maintenance of Bluebeam's processes, policies, and technical controls in support of certifications programs and continual compliance with ISO/IEC 27001/2, SOC 2, and applicable privacy regulations and ensures ongoing compliance thereof.

Qualifications:

• 10+ years of enterprise cybersecurity or relevant technology/risk management experience• 3+ years of experience directing the activities of other managers running information security teams• 2+ years of experience in GRC and data privacy regulations• Hands-on experience leading one or more of the following functions is required: GLBA/privacy, third-party risk management, cyber resilience planning/response, strategy/board reporting• Demonstrated experience in cloud and mobile technologies, including multi-tenancy data storage preferably with AWS infrastructures.• Demonstrated experience in establishing and maintaining common security frameworks (SOC2, ISO27001, NIST)• Broad, current knowledge of regulatory and voluntary standards-based compliance related to cloud and mobile applications and data confidentiality (e.g. CCPA, GDPR, PCI, SOC2, ISO 27001) and experience implementing and fostering compliance maturity.• Experience with software-as-a-service companies and securing cloud architectures.• Exceptional communication skills, including written deliverables, oral presentations, and the ability to facilitate crucial conversations at all levels of the organization.• Track record of leading enterprise projects and cross-functional initiatives to success, on time, and within budget.

Compensation:

• People-focused, entrepreneurial start-up culture with the backing of a stable, global, corporate entity - Nemetschek• Competitive compensation and benefits package (medical, dental, education reimbursement, 401k, wellness resources)• Work-life balance fostered through a culture of diversity, inclusion, and appreciation of individual lifestyle needs• You will have the opportunity for continuous professional development

#J-18808-Ljbffr