Director, Security Assurance & Customer Trust

How you can help make a better world of work?

Culture Amp is looking for a Director, Security Assurance & Customer Trust to lead the continuous improvement of the Culture Amp security framework and ISMS, security improvement program, security awareness program, customer trust program, and supplier security risk management capability. The ideal person will also lead the customer trust team by ensuring the timely and accurate responses to customer enquiries relating to Culture Amp’s security and privacy practices.

In part of this team of amazing humans,

You will:

Be able to prove to our business leaders and customers that we have taken a thoughtful and diligent approach to protect the valuable data in our possession, and that those data protection efforts cover the third parties that have access to your organization’s (and our customers’) data. As such you will be responsible for the ongoing governance of security including embedding an overarching Security Framework that provides oversight of our policies, standards, and supporting procedures. This includes the maintenance of the Information Security Management Systems (ISMS) and identifying our security maturity and continuous improvement activities.

As a key leader in the implementation of a strong security culture, you will track and monitor the implementation and management of security solutions, as it relates to the ISMS and security governance, as well as review the information security strategy & roadmap to ensure it aligns with our Security Framework and maturity targets. You will manage Culture Amp’s security supplier review process allowing us to make assurances regarding our third parties. Owning both parts of a similar process (customer due diligence and Culture Amp due diligence you will find synergies and automation opportunities to help us do what we do faster, better, and to create customer and camper delight) to help us manage our security risks.

As the customer trust director, from a security point of view you will focus on increasing transparency, shifting from reactive to proactive communication, integrating trust management into go-to-market processes, and developing mechanisms to improve both security postures and trust management. As such, you will oversee the timely response to our sales teams and customers regarding product and data security, and continuous improvement of customer trust practices. Alongside your team, you will be happy to get your hands dirty, using our library of information to respond to our customers and taking the initiative to work with other departments within Culture Amp to find answers to any unknown questions. Monthly metric reporting for the Executive team will help you to communicate the growth in customer support, the timely completion of questionnaires, and engagement in high touch customer engagements.

For the Culture Amp security education and awareness program, you will be required to provide a wide-reaching education campaign including regular phishing simulations, the maintenance of both induction and annual training modules in our LMS tool, how-to confluence articles, and an annual security awareness month program. You and your team will help Campers understand their role in safeguarding information, technology, and services. Monthly metrics will be compiled by you and presented to the Executive team to demonstrate the progress of the program.

Your role in the Camp

• Lead Security Assurance and build a strong security culture
• Oversee the cyber education and awareness strategy and corresponding activities.
• Be a trusted security advisor to our customer facing teams
• Build customer relationships and trust in every interaction with sales, customer success, and directly with our customers
• Direct the security customer trust processes and manage continuous improvement of the responsiveness to prospect and customer due diligence processes regarding security, data protection, and supporting privacy as well
• Own and manage CA’s 3rd party / supplier security reviews and due diligence to secure our supply chain. Ensuring alignment to sub-processors and also mapping the link between our providers to our customers and aligning security expectations to ensure we remain within customer and contractual obligations.
• Advise on security clauses and ability to deliver when customers ask for variances in customer contracts. Create and manage a list of acceptable security terms and areas of non-negotiation for security purposes with legal.
• Keep a sound and up to date understanding of security and privacy controls, and their current state at Culture Amp.
• Work closely with the Risk team, Legal, and business partners to identify supplier security risks and opportunities to mitigate or transfer security risks.

What you’ll bring to Culture Amp

• Effective communicator and highly transparent and collaborative
• A well balanced style that aligns with Culture Amp values and is able to present a professional and trusted partner to sales/prospects/customers
• Experience in security assurance from frameworks to policies and practical security management, including SOC2, ISO27001, GDPR, and prepared to develop to include emerging technologies like standards for AI.
• Ability to work with risk and audit teams to define controls within a framework and identify key vs non key security controls and how they support the management of security risks
• Solid security literacy and previous experience in security roles relating to supplier risk management, security assurance, or responding to customer reviews of security capabilities
• Strong deductive reasoning and problem solving skills
• Good understanding of security and how to create collateral of value to customers, presented and written in an easily consumable fashion
• Laser focused on continuous improvement and how we can do things better and what might be of value to our customers over time
• External networks and ability to check in with peers outside of CA for support on best ways to tackle security challenges as they present themselves
• Preparedness to play and bit and experiment to see what works based on our culture and different ways our campers learn and take on responsibility in their domains.

You are

• Easy to get along with, an influential individual, who is immediately credible and able to easily build relationships
• A lateral thinker with a keen eye for detail and you naturally analyze assumptions
• Comfortable in ambiguity
• Great at communicating with both technical and non-technical people
• Thorough & meticulous
• work well independently and with others as part of larger team and are able to collaborate on cross-functional teams
• willingness to learn and grow
• develops a deep understanding of the broader business context and uses it to prioritise areas of focus
• Articulate and able to easily create collateral that supports the Security framework, policies & standards, and customer asks.