About the team
This role is part of our Engineering leadership team, reporting directly to the CTO. The Information Security team at Miro is responsible for all aspects of security related to enterprise IT systems, operations, compliance and industry standards, and works hand-in-hand with the Product Security and Trust & Compliance teams.
This team implements sustainable solutions, empowers accountable parties, and provides summarized visibility of our cyber risks to the executive team and functional leaders. All of this is implemented while ensuring a balance between speed, efficiency, sustainability, and scalability, adding resilience to the business.
We are currently expanding at a rapid rate and are looking for someone to come in to lead and represent all major aspects of Security, with a solid focus on Engineering, Compliance and Enterprise readiness. We believe in a security-by-design approach, implementing secure practices and applied regulatory requirements from the start, rather than working through a compliance checklist after implementation. In our view, engineering and architecture play a critical role in implementing security at Miro, achieving security hands-on instead of through abstract policies. You’ll be responsible for defining and implementing a strategy which will enable and support our growth by improving the security of all our products, platforms and services, and maturing our Security capabilities across the organization.
About the role
Miro is rapidly growing across all areas of the business. This is fueled by an unprecedented user growth, which in turn drives the load on our platform. We are facing an exciting challenge of scaling fast while preserving the platform stability, security and best in class user experience. Our goal is to reach the next level of maturity both in terms of the team, processes and technology. We are looking for a strong leader, who can take the organization to the next level.
You’ll be responsible for voicing support for, implementing and operationalizing security in the organization, helping to translate compliance and risk management guidelines and policy into practical product engineering practices, and into our platform in such a way that security is not an impediment to success, but rather an enabler. You will represent this function at the highest level, including at the management team level and at times to our board, so you will need to adjust communication to cater to a broad spectrum of people.
Beyond the basics of programming and system administration that any high-level tech lead is expected to have, you should also understand security-centric technology, such as identity and access management, endpoint protection, network security, application security, vulnerability management, risk management and DDoS mitigation technologies; secure coding practices, ethical hacking and threat modeling; and firewall and intrusion detection/prevention systems. Most of our IT and technology footprint is on public cloud infrastructure (AWS), so strong knowledge of cloud-specific security concepts and cloud-native tooling is necessary. This role is expected to help with regulatory compliance, so knowledge of the regulations and standards that affect our industry, such as ISO 27001, SOC 2, GDPR and similar, together with security risk management and third-party risk management, is a must.
What you’ll do
- Work with different team members to understand the objectives so you can then define goals and strategy for Miro’s first line of defense in Security, Compliance and Risk, in collaboration with the second line
- Build and lead a world class team to deliver on the above objectives. Define best practices and help to bake them into our platform, and into our product and engineering teams, creating a culture of enablement
- Be responsible for creating security awareness at all layers of the organization, and for creating and rolling out programs for audiences up to board level executives
- Represent the company with HT customers, auditors and panels/conferences, and act as the voice of the company on security events and incidents
- Enable relevant standards and compliance levels by working closely with the Trust team
- Lead the ongoing enterprise-wide security risk assessment and status reporting efforts
- Monitor industry trends, evolving threats, vulnerabilities and control techniques; and keep senior management informed about related security risks and implications for Miro
- Be responsible for security governance on projects, platform teams, security operations and architecture, including incident response processes, investigations and the security operations centre
Your areas of focus will include
- Production security – establish an overall end-to-end assessment framework, work closely with system architecture and product security teams to assure best-in-class security
- SOC - establish the team and introduce best practices for the security operations center, based on the modern observability principles and compliance requirements
- SIEM - build and evolve a true end-to-end security information and event management system, with necessary tooling, processes, observability and staffing. Collaborate with other groups to create transparency and provide insights and recommendations based on threat intelligence and industry insights
- IAM - implement best-in-class identity access management solutions and processes enabling secure and seamless access to production and internal systems. Collaborate with multiple team members to identify use cases and jointly handle them on all levels
- Risk Management & Compliance - be responsible for the risk register, framework and the cross-departmental process that ensures all business risks are adequately logged, assessed and actioned or accepted, with periodic review and communication to stakeholders. Support the Trust team in enabling the necessary compliance levels and act as a security partner in all related certifications and audits.
- Security Awareness - establish security awareness and training programs for staff across the entire organization, develop “security ambassadors” talent within different departments leading to a federated security model
We are looking for an experienced CISO who can set the vision, strategy and build a strong team to implement it.
What you’ll need
- 10+ years of security leadership experience and 5+ years of experience as CISO in a large-scale international SaaS business, with a thorough understanding of the SaaS business model, cloud security, compliance and customer demands
- Strong knowledge of compliance, familiarity with industry standards such as SOC 2, ISO 27001 etc., and experience with internal and external audits. Experience setting up SOC and GRC functions, and working knowledge of SIEM and other relevant tools
- Excellent operational and process skills; you know the art of balancing capacity between project work and the ongoing operational stream
- Experience setting an incredibly high bar for operational excellence across the security team, and putting systems in place to measure against that bar
- Experience running incident response and post-incident review
- Solid experience with various types of cloud and SaaS security
- You are obsessed with automation and metrics; security monitoring and end-to-end observability are key to success in this role
- Proven technical background and acumen stemming from deep understanding of and experience across complex products and systems. Deep understanding of application security, web applications, and modern techniques, pipelines and tools for building software
- Proven project/program management skills to successfully lead multi-functional security initiatives and enable internal teams with the relevant collateral, arming them to handle security conversations with enterprise customers
- Bachelor's or higher degree, or its equivalent, in Information Security, Computer Science, Information Technology or Information Systems Management
What’s in it for you
- Competitive equity package
- Medical insurance coverage
- Allowance to facilitate remote working during WFH period
- Weekly remote team activities to keep the spirits high
- Opportunity to work for a truly global multicultural team
- Lunch, snacks and drinks provided when back in the office
Miro is an online collaborative whiteboard platform that enables distributed teams to work effectively together, from running brainstorming sessions and workshops to planning projects, from designing new products and services to facilitating agile ceremonies. Miro is trusted by Dell, Cisco, Deloitte, Okta, Shopify, and many more global companies of all sizes.
We are a team of dreamers. We look for individuals who dream big, work hard, and above all stay humble. Collaboration is at the heart of what we do and through our work together we hope to create a supportive, welcoming, and innovative environment. We strive to play as a team to win the world and create a better version of ourselves every day. If this sounds like something that excites you, we want to hear from you!
At Miro, we strive to create and foster an environment of belonging and collaboration across cultural differences. Miro’s mission — Empower teams to create the next big thing — is how we think about our product, people, and culture. We believe that creating big things requires diverse and inclusive teams. Diversity invites all talent with different demography, identities and styles to step in, and inclusion invites them to step closer together. Every day, we are working to build a more diverse Miro, cultivate a sense of belonging for future and current Mironeers around the world, and foster an environment where everyone can collaborate and embrace differences.