Director, Cybersecurity

About the Cybersecurity Team

The Cybersecurity team at Thumbtack serves as an internal cybersecurity advisory and auditing body, dedicated to preserving the confidentiality, integrity, and accessibility of information systems, identities, and data assets. Our primary objectives include offering proactive security guidance, establishing and upholding a robust and secure infrastructure, and promoting a culture of security consciousness and adherence across the organization. We are responsible for supervising the implementation and management of all cybersecurity initiatives.

About the Role

The Director of Cybersecurity oversees all aspects of the organization's cybersecurity strategy, including risk management, incident response, compliance, and awareness training. They make quick and effective decisions to address security challenges and provide recommendations to mitigate risks. Collaborating with various departments and external stakeholders, they ensure alignment with organizational goals and regulatory requirements. Ultimately, they foster a culture of security awareness and compliance to protect data and information systems for employees, pros, and customers.

Responsibilities

• Lead and manage the cybersecurity team, including hiring, training, and performance management.
• Provide strategic direction and guidance on cybersecurity initiatives, ensuring alignment with business objectives.
• Develop and implement cybersecurity policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
• Oversee incident response activities, including detection, analysis, containment, eradication, and recovery from cybersecurity incidents.
• Stay abreast of emerging cyber threats, vulnerabilities, and technologies to continuously improve the organization's security posture.
• Collaborate with internal stakeholders, including IT, legal, compliance, and business units, to ensure cybersecurity requirements are integrated into business processes.
• Serve as the primary point of contact for cybersecurity-related inquiries from internal and external stakeholders, including clients, auditors, and regulators.

What you’ll need

If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

• Bachelor's degree in Computer Science, Information Security, or related field. Master's degree preferred.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Minimum of 10 years of experience in cybersecurity, with a proven track record of leadership and team management.
• Strong understanding of cybersecurity and privacy frameworks and standards, including NIST CSF, NIST RMF, ISO27001, SOC 2, PCI DSS.
• Experience leading incident response activities, including forensics, investigations, and coordination with law enforcement.
• Deep technical knowledge of cybersecurity technologies, tools, and techniques, including intrusion detection/prevention systems, SIEM, endpoint protection, and encryption.
• Excellent communication and interpersonal skills, with the ability to effectively communicate cybersecurity risks and recommendations to non-technical stakeholders.
• Demonstrated track record of leading fast-paced teams within tech industry, with ability to drive innovation and solve critical technical challenges at various scales.

Bonus points if you have

• Programming knowledge (Golang, Python, PHP, UNIX shell scripting, etc)
• Understanding of IT and information security principles and best practices (e.g., ITIL, CAN-SPAM, TCPA)