What are the responsibilities and job description for the Senior Director, Head of InfoSec position at Copado?
About Copado
Copado is the #1 DevOps Platform for Salesforce and the Cloud. We harness the power of native CI/CD and Robotic Testing to drive digital transformation for 1,000 of the most innovative brands on the planet — from Coca-Cola to eBay to Volkswagen. Our low-code platform unites non-technical admins and pro-code developers on the same system and empowers enterprises to scale end-to-end software delivery across multi-cloud environments.
The impact on your business? 20X faster releases, 94% fewer production bugs and 46% more Salesforce ROI. The impact on your team? No more late nights, weekend war rooms or stressful release days.
Brief Summary Of Role
The Head of Information Security will be responsible for leading and managing our comprehensive security programs, ensuring the ongoing security of our systems, data, and applications, and maintaining our FedRAMP authorization as well as various compliance frameworks. This role requires a strategic thinker with a deep understanding of information security best practices, cloud security, DevOps principles, and the intricacies of leading security standards, including those of the United States Federal Government. They will be required to interface with business stakeholders, technology stakeholders, and customers. They will provide a clear and pivotal leadership connection to our teams, our company, and our customers.
The ideal candidate will have a proven track record of leading security programs in fast-paced environments, a strong understanding of working in various compliance frameworks, and a willingness to dive in and solve complex security problems for products serving some of the world’s biggest companies.
What You’ll Be Doing
- Lead and manage the ongoing development, maintenance, and enhancement of our information security program(s), ensuring continued compliance with the appropriate regulatory and compliance requirements.
- Oversee security assessments, vulnerability management, and penetration testing activities, while adhering to various regulatory and compliance guidelines.
- Oversee and manage incident response, including investigation, containment, and remediation.
- Conduct regular security audits and vulnerability assessments to identify and address potential security issues before they can be exploited.
- Develop and deliver security awareness training programs for employees, emphasizing compliance and best practices.
- Stay abreast of emerging threats and vulnerabilities, and proactively adapt security measures.
- Collaborate with engineering and DevOps teams to integrate security into the software development lifecycle (SDLC), ensuring alignment with the appropriate controls and governing frameworks.
- Collaborate with IT, legal, and compliance departments to ensure that security policies meet regulatory requirements and that compliance is maintained across all systems.
- Oversee compliance with relevant industry standards and regulations, including ISO 27001, SOC 2, GDPR, and FedRAMP.
- Manage and mentor a team of security professionals, providing guidance on compliance and best practices.
- Establish and maintain strong relationships with key stakeholders, including customers, partners, and regulatory bodies.
- Bachelor's degree in computer science, information security, or a related field.
- 10 years of experience in information security, with at least 5 years in a leadership role.
- Deep understanding of security frameworks, such as NIST, CIS, and ISO 27001, with in-depth knowledge of FedRAMP requirements and controls.
- Hands-on experience with security tools and technologies, such as firewalls, intrusion detection systems, and vulnerability scanners.
- Strong knowledge of cloud security principles and best practices, particularly in the Salesforce ecosystem and within the context of FedRAMP.
- Experience with DevOps methodologies and tools, such as CI/CD pipelines and containerization.
- Excellent communication, interpersonal, and presentation skills.
- Ability to work independently and as part of a team in a fast-paced environment.
- Relevant industry certifications, such as CISSP, CISM, or CCSP, are highly desirable.
- Proven experience in maintaining FedRAMP authorization is a strong requirement.
- Knowledge of Salesforce is highly desirable.