Head of Security

About You

• You are a skilled, pragmatic, and engineering-oriented SaaS security leader. You’re an engineering leader with experience leading security teams for a SaaS-based product company on modern tech stacks. You have experience working at a company that ships products and features quickly and safely. You have engineering experience and approach solving security challenges through engineering means and a product lens. You have specialized in at least one security discipline and have a deep understanding of other security functions in order to be a well-rounded security expert. You have experience working with security tools, implementing detection and response mechanisms, running red team exercises, and implementing compliance controls -- even if you aren't involved in these on a day-to-day basis. You’re familiar with OWASP Top Ten and how to effectively guard against common vulnerabilities. You are very familiar with the security needs within an engineering organization. You have a pragmatic approach to security that adapts to the company’s needs by taking business context and data as inputs when making decisions.
• You manage diverse, high-performing, and growth-mindset engineering organizations. You are an empathetic leader that values diversity and fosters a culture of psychological safety, inclusivity, and belonging that enables folks to be their true selves and do their best work. Diversity is a priority for you when hiring. You can forecast staffing needs, communicate clearly on those needs, and make hard staffing decisions that support the needs of the business. You led an organization that assesses performance equitably across diverse people and functions. You managed managers, tech leads, and individual contributors, and coached teams to be successfully autonomous. You have a passion for mentoring engineers and leaders while at the same time growing your skills. You have a track record of giving and receiving feedback well, both within and outside of your organization. 
• You can develop and deliver on an aligned security vision, strategy, and roadmap. You can develop an inspiring multi-year vision for security that aligns with and enables the company strategy. You seek feedback, learn from others, and use data and other business inputs to continuously adapt your vision to match the current and future needs of the company. You set the strategy for building security into how we build, ship, and operate our products. You have the ability to communicate your vision, strategy, and roadmap to others, gain alignment, and implement your vision with teams to get results. You define measurable outcomes and a roadmap to deliver on those outcomes. You use indicators to track progress toward outcomes and make adjustments along the way when needed. You hold yourself accountable for delivering on committed outcomes and also hold your team accountable for delivering on the roadmap. You are comfortable raising any risks to deliverables early and often. You are able to ruthlessly prioritize to prevent your teams from being oversubscribed while clearly communicating tradeoffs and prioritization decisions. 
• You build strong partnerships, enjoy collaborating, and have excellent communication skills. You take the time to get to know people and build strong relationships. You want to partner with Product Management to come up with product ideas and features that will help us sell to upmarket customers and attract users from the security community. You regularly work with engineers and other stakeholders from various disciplines to balance security concerns with product and business concerns. Ideally, you find solutions that address both needs, but if not, help build understanding around difficult decisions. You foster a security team culture that defaults to collaboration vs just assigning work to others. You have an excellent ability to take lots of business context and distill it down to valuable context for your teams. You’re able to communicate clearly verbally and in writing. You’re comfortable communicating to various levels up to Executives and can tailor your communication to the audience. You take complex security risks and make them relatable to anyone at any level. You understand the power of storytelling that doesn’t miss out on the “why” and the “what”.

Zapier is a fast-growing, remote-first company. You'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:

• Protect our millions of customers from having their API credentials compromised or put at risk.
• Continually evolve and design the future of our security organization, including enhancing and communicating our security strategy for our products and company.
• Set the vision, strategy, and deliver on a roadmap that connects to the vision and strategy.
• Work closely with your engineering, design, legal, and product stakeholders to address user problems and provide solutions.
• Develop effective ways to communicate, monitor, and lead your teams
• Keep senior leadership informed on your teams’ progress and potential blockers.
• Build rapport with each member of the Security Team, and others throughout the company, and support them through coaching and mentorship to help them grow.
• Participate in security reviews, learning and spreading security and technical knowledge throughout Zapier -- moving knowledge to documentation where appropriate.
• Guide Executive leadership team by recommending information security investments
• Provide strategic leadership for secure product development and security features in our products
• Collaborate across various disciplines (Product Managers, Designers, Researchers) to help build security goals into roadmaps and maintain alignment.
• Stay current on technological advancements, like AI, the impact it has on security, and how it can be leveraged to improve efficiency
• Recruit, interview, hire, and help onboard top talent