About Nintex:
At Nintex, we are transforming the way people work, everywhere.
As the global standard for process intelligence and automation, we're trusted by over 10,000 public and private sector organizations across 90 countries. Our customers, from industry giants like Amazon, Coca-Cola, and Microsoft, rely on the Nintex Platform to accelerate their digital transformation journeys by managing, automating, and optimizing business processes quickly and efficiently. We improve their lives through the technology we build.
We are committed to fostering a workplace that supports amazing people in doing their very best work every day. Collaboration is constant, our workplace is fun, the environment is fast-paced, and we value our people’s curiosity, ideas, and enthusiasm. Driven by passion and accountability, we take initiative, measure progress, and deliver results. Our culture fosters innovation and problem-solving, fueled by curiosity and a commitment to thinking big. Together, we move with agility, prioritize customer needs, and build unity through empathy, leaving a positive impact wherever we go.
About the role:
The Director, Security and Compliance will be responsible for the strategic leadership of the security and compliance program at Nintex. The security leader will establish, maintain, enhance, and grow comprehensive security strategies, policies, and procedures to ensure the integrity, confidentiality and availability of intellectual property and assets are protected. The Director will be responsible for proactively identifying, assessing, and reporting on security risks that meets regulatory requirements and supports the risk posture of the Nintex.
**Your contribution will be: **
**Information Security: **
Establish near and long-term internal security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create a roadmap for continual security and compliance growth.
Lead the design, implementation, and protection of security controls, processes, and technologies to protect the organization's intellectual property and assets.
Actively engage in a threat management and intelligence program in collaboration with an outsourced Security Operations Center (SOC).
Provide regular and consistent reporting on the current status of the information security program to senior business leaders.
Manage security incidents and breaches, including incident response, investigation, and remediation efforts.
Maintain, shape, and grow up-to-date information security policies, standards and guidelines.
Learn, investigate, and examine new security technologies that can strengthen and provide depth to Nintex’s security posture.
**Risk Management and Compliance: **
Establish and maintain the BC/DR program throughout Nintex.
Enhance and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
Work closely with internal stakeholders and external auditors and consultants on ISO and SOC audits.
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information technology systems.
Lead, enhance, and evolve the Crisis Response Team, including annual Disaster Recovery testing and tabletop exercises.
**Security Education: **
Enhance and deliver security awareness and training programs to educate employees on best practices and promote a security-conscious culture.
Monitor the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
**Product Security: **
In collaboration with Product and Engineering leaders and develop processes and implement tooling to integrate security into Product which includes threat modeling, cloud security posture, and other security protections.
Establish a red and blue team exercise with product to focus on emerging and trending cyberattacks.
**Leadership: **
Manage, hire, and grow security engineers and compliance analyst.
Collaborate with cross-functional teams, including IT, legal, compliance, and product, and R&D, to implement security policies and awareness.
Partner with Infrastructure and Support team to deliver on security initiatives and create a roadmap and plan for future security initiatives.
Partner with internal key stakeholders to assess our posture, build controls, and mitigate security risks.
Establish and maintain relationships with external vendors, partners, and industry peers to stay informed about security trends and leverage external expertise.
Establish and grow an environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
**To be successful, we think you need: **
Bachelor's degree in computer science or similar field such as Engineering, Information Security, or Information Systems.
Current and relevant Industry Certifications such as CISSP, CCSP, or CISA.
10+ years of direct experience in an Information Security role.
5+ years of experience leading teams in a Security organization.
Deep familiarity with enterprise security technologies, such as: firewalls, EDR, SIEM, MDR, MFA, CASB, vulnerability management, encryption technologies, etc.
In-depth knowledge of information security principles, practices, technologies, standards, risk management methodologies and frameworks.
Exceptional problem-solving and analytical skills with the ability to distill complex and nuanced issues into structured frameworks and processes.
Strong, executive level oral and written communication skills with ability to understand technology sufficiently to clearly communicate the complexity in simple terms for key stakeholders, both in one-on-one and public settings.
Strong ability to translate strategic-level goals into actionable objectives.
Knowledge of common information security and compliance management frameworks, such as ISO/IEC 27001, SOC2, and NIST.
Proven ability to manage and mentor both technical and non-technical individual contributors and managers.
Experience managing a geographically dispersed team supporting the ongoing protection and monitoring.
Experience with contract and vendor negotiations and management including managed services.
What’s in it for you?
Nintex has a hybrid working model, enabling us to build culture, learn, and grow together. We intentionally connect and collaborate, while emphasizing flexibility with a blend of at-home and in-office work. This role is a hybrid role in our local Nintex office.
While our offerings differ from country to country, we offer our entire global workforce an array of exciting perks and benefits, including
- Global Gratitude and Recharge Days
- Flexible, paid time off policy
- Employee wellness programs and counseling resources
- Meaningful peer recognition and awards
- Paid parental leave
- Invention/patenting assistance
- Community impact, paid volunteer time, and opportunities
- Intercultural learning and celebration
- Multiple tools through which to learn and grow, and an incredible global community
View more about our benefits here: https://www.nintex.com/wp-content/uploads/2023/01/Global-Perks-and-Benefits.pdf.
**Target Compensation Range (US ONLY): ****205,000 - 220,000 ****USD annually. **On target compensation refers to the base salary and applicable variable target for this role. The range is an estimate, base pay will ultimately be decided at the offer stage, based on an individual candidate's skills and experience aligned with the needs of the role. Base pay may vary based on several factors including geographic location, role specific qualifications, and seniority. Nintex also offers a competitive benefits package including paid time off, twelve paid holidays, 401(k) with employer match, and more.
Nintex participates in E-Verify for work authorization. We are an Equal Employment Opportunity Organization.