VP of Cloud Platform and Enterprise Security Operations - San Mateo, CA
Join our growing Information Security team as we empower and help secure the business to achieve our next chapter of global growth and cloud transformation. We are seeking a pragmatic, accomplished and innovative player-coach leader to paint and execute on the strategic vision in support of the Company’s growth. The Information Security organization is responsible for providing security services for all customer-facing and enterprise platforms and applications across Guidewire.
The VP of Platform and Enterprise Security Operations is accountable for overseeing the strategic planning, development, and execution of Guidewire’s global application and platform security testing and security operations programs for all customer facing and enterprise assets. This position is a senior member of the Guidewire leadership team, is based in the San Mateo, CA office, and reports directly to the Chief Information Security Officer.
Proactively addressing the ever-changing cybersecurity threats and landscape requires a strong set of leadership, influencing and organizational skills. Developing meaningful and collaborative partnerships with the product, cloud platform, services, business technology, and other business units is essential. The ideal candidate will have a strong business-to-business SaaS security background, a business-focused/data-driven mindset, and a track record of overcoming the barriers that can distance information security from the business. They will be a visionary and a leader who inspires others to achieve greatness with genuine humility.
- Provide strategic and operational leadership of the teams responsible for product, platform and enterprise security (i.e., global Product Security and Security Operations)
- Lead the company-wide application, network and systems testing and vulnerability management programs
- Proactively identify vulnerabilities through providing services such as secure SDLC (i.e., SAST/DAST/FOSS), penetration testing, network scanning, red teaming exercises, monitoring/alerting tools, threat intelligence and others
- Ensure all platforms (customer cloud and enterprise) are proactively monitored using advanced threat detection methods/tools, SIEM technology, MSSP support, etc.
- Oversee 24x7 monitoring, alerting and incident response for customer platforms and company systems
- Ensure the end-to-end security incident response plan is in place, regularly tested and evaluated, and continuously improved
- Develop a close partnership with key business stakeholders, identify top risks/opportunities and develop a joint strategy and roadmap
- Define and drive an overall cohesive vision, strategy and investments (including supporting TCO assessment) for the Product Security and Security Operations teams and supporting functions
- Develop dashboards and metrics that effectively show the security status of platform, product and enterprise security and associated projects/initiatives
- Elevate the security maturity level by introducing best practices and a risk- and data-driven culture within the teams and with key stakeholders
- Track the latest threats and security innovations and keep abreast of latest cybersecurity technologies
- Work with vendors and internal stakeholders to evaluate, test and choose security products and services
- Enhance and expand the capabilities of the team to meet global needs
- Drive innovative ideas, solutions, and outcomes through leadership and decisive action
- Attract and hire exceptional talent, and grow your team of analysts, engineers, and architects with requisite technical and security experience
- Budget management and optimization
- Meet with customers or potential customers to build trust and to communicate security capabilities and practices
- Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the security of electronic information and/or any information technology investigation
- Bachelor’s degree in Information Security/Cybersecurity, Computer Science, Information Systems, Business, Data Analytics or related field or equivalent work experience
- MBA or other graduate level degree preferred
- Security certifications such as CISSP, CISM, etc. are preferred
- 10+ years leadership experience and established track record of successfully and directly managing cross-functional teams of product/platform security staff, policy-focused professionals and project groups/teams, and budgets
- Practical experience designing, implementing, and operating information security solutions and services for business-to-business using modern SaaS cloud-based platforms and technologies
- Demonstrated experience in solution design and architecture with a focus on scalability and automation
- Familiarity with Agile development; direct Agile experience is a significant plus
- Has established or run, at scale, a full-stack secure SDLC testing and vulnerability management program (i.e., security/privacy by design, threat modeling, SAST, DAST, FOSS, penetration testing, red teaming, etc.)
- Experience establishing or running, at scale, a full security operations team including a global 24x7 SOC, SIEM management, MSSP management, security tools management, incident response and investigation, forensic analysis, etc.
- Proven success of delivery on large and cross-team programs
- Experience undergoing compliance audits such as SOC 1, SOC 2, PCI-DSS, ISO 27001, etc. is required.
- Strong understanding of one or more security control frameworks such as NIST, ISO 27001/2, CSA, etc. is required.
- Can demonstrate experience evaluating and selecting security vendor products and services
- Experience working in a risk-based environment including mitigation, planning and implementation
- Demonstrated professional experience in preparing and presenting information effectively, clearly, and concisely in written and spoken form to a wide range of internal and external constituencies, including executives, officers, product or service vendors, and managers
- Track record of building effective teams to ensure the efficient operation of the unit
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it’s applicable to the position.