דרושים Chief Information Security Officer Ciso ב-Couchbase ב-ארהב

Governance, Risk & Compliance

• Develop, implement, and maintain an enterprise-wide information security strategy and governance framework aligned with organizational goals.
• Establish and maintain information security policies, standards, and procedures that support business continuity and risk management. This includes continuing to build and enhance governance, privacy, and security frameworks to encompass AI/ML workloads and data pipelines, ensuring responsible, compliant, and secure adoption of AI technologies across the enterprise.
• Oversee enterprise-wide security risk management, including assessments, and mitigation plans.
• Ensure compliance with relevant information security frameworks and standards including but not limited to SOC 2, HIPAA, PCI DSS, ISO.
• Collaborate with Legal and Compliance on evolving data privacy regulations (GDPR, CCPA, etc.) and integrate privacy by design across systems and products.

Security Operations

• Direct day-to-day security operations, including monitoring, detection, and response to threats.
• Lead security incident response planning and execution, acting as the senior point of escalation during security incidents.
• Serve as the primary advisor to the executive team and Board on cybersecurity strategy, risk posture, and incident readiness.
• Drive the identification and remediation of security vulnerabilities within defined SLAs.
• Manage key performance metrics for security maturity, leveraging automation, analytics, and AI to drive continuous improvement across detection, response, and compliance.
• Review, refine and mature existing security processes and tools, including but not limited to SIEM, DLP, vulnerability management, email security, end point security, penetration testing, threat hunting, threat analysis, security monitoring, and security incident response.
• Oversee business continuity and disaster recovery planning, ensuring resilience across cloud and data center operations.

Product Security

• Perform security software architecture review and integrate threat modeling and abuse cases into the SDLC; Advise and implement secure software architecture patterns.
• Assess and architect security for SaaS/Cloud applications across AWS, GCP and Azure.
• Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.
• Integrate application security tools within existing development, build, and deployment processes.
• Oversee the execution of dynamic & static code scan reviews and run-time tests.
• Own and manage the bug bounty program.
• Assist with the planning and execution of application penetration tests.
• Interface and collaborate with Engineering, Cloud, and SOC teams during security incidents.
• Work with customers as needed, to explain or enhance any security policies or product related engineering.
• Drive the remediation of security vulnerabilities in the products within defined SLAs.
• Assist in completing RFP security questionnaires

Qualifications:

• 15+ years of progressive experience in information security, risk management, or IT leadership, including at least 5 years in a senior security leadership role.
• Proven track record leading enterprise-wide cybersecurity strategy and operations in a global, cloud-first technology company.
• Solid understanding of secure coding principles (e.g., OWASP Top10, OWASP SAMM) and Agile software development practices.
• Demonstrated experience with security in public cloud platforms (AWS, Azure, GCP), CNAPP (Sysdig, Wiz, etc), SAST, DAST, SCA, Networking (Firewalls, Switches, Access Points, etc.), Operating Systems (Linux, Mac, Windows), Secure Software Development, IAM, Key Management, Encryption, SIEM (Splunk, Rapid 7, Alienvault, etc.), DLP (Netskope, Checkpoint, Proofpoint, Symantec, etc), Email Security (Abnormal Security, Mimecast, etc.), and Endpoint Security (SentinelOne, CrowdStrike, etc.)
• Strong background in application and product security, including secure software design, code analysis, penetration testing, and bug bounty management.
• Must have strong collaborative skills, a growth mindset, and a willingness to make tomorrow better than today.
• Industry Certifications such as CISSP, CISM, CCISO are preferred
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.