We are actively seeking a VP of Information Security who embodies a mix of humility and entrepreneurial spirit. This role demands a professional who can effortlessly juggle project management, people leadership, and hands-on mentorship, all grounded in a robust understanding of cyber and information security.
As a direct report to the CIO, you will play a critical role in guiding our organization through the nuances of information security governance & compliance, corporate IT security, product security, and cloud infrastructure security. This role is an exceptional opportunity for someone eager to make a meaningful impact in a dynamic and innovative environment.
Reports to: Chief Information Officer
Location: Toronto (CA) or London (UK) - Hybrid
Responsibilities:
- Develop and implement a forward-thinking cybersecurity strategy, acting as a strategic advisor to senior leaders and identifying opportunities for innovation and growth.
- Cultivate and articulate a progressive vision for the company's future security landscape.
- Instill a culture of security throughout the organization via public speaking, training programs, and stringent accountability measures.
- Oversee and refine our security posture and roadmap, ensuring alignment with Docebo’s business objectives and industry best practices.
- Collaborate with key stakeholders such as our CPO, CTO, and other executives to ensure the integrity of our products and systems.
- Champion adherence to and compliance with recognized industry security standards, conducting internal audits and coordinating with external auditors as necessary.
- Inspire and guide a high-performance cybersecurity team, setting clear objectives and milestones and maintaining accountability.
- Expand your expertise in our products, technologies, and systems to drive informed decisions.
- Manage security-related contractual and legal matters; author and maintain comprehensive internal and external policy and process documentation.
- Implement and track security metrics to ensure effectiveness and enable continuous optimization.
- Promote a culture of distributed security responsibility, improving training and awareness across the organization.
- Provide hands-on mentorship and support to your team, fostering a collaborative and inclusive environment.
- Prioritize and plan cybersecurity projects effectively, setting clear success criteria and detailed implementation plans.
- Engage in pragmatic collaboration with tech and product leaders, justifying cybersecurity initiatives with clear value, cost, and risk assessments.
- Represent Docebo in professional forums, including negotiations and interactions with industry peers, regulators, auditors, and other external stakeholders.
Requirements:
- At least 8 years of relevant experience in technology and/or cybersecurity, including a minimum of 3 years in a senior leadership role.
- Recent experience in SaaS or product software companies.
- Proven experience in scaling security practices in a rapidly growing organization.
- Hands-on experience with in-house software development teams, particularly in securing web and mobile applications, and in cloud environments.
- Broad expertise in both corporate IT security and product cybersecurity.
- Demonstrated ability to lead change and ensure the delivery of projects with a high standard of quality and timeliness.
- Deep knowledge of infrastructure security, with a strong focus on cloud-based security practices and technologies. AWS cloud expertise is preferred.
- Proven track record of growing and developing a team in tandem with fast-paced company growth.
- A business-first, solution-oriented mindset in security, extending beyond traditional risk and gap analysis.
- The capability to operate both in detail-oriented tasks and in developing overarching security strategies and frameworks.
- Strong regulatory knowledge, including familiarity with privacy laws, SOC 2, ISO 27001, and an understanding of the changing dynamics in AI. FedRAMP experience is advantageous.