VP, Cyber Security Job at Avalara, Durham, NC

  • Avalara
  • Durham, NC

Job Description

What You'll Do

Reporting to the Chief Security Officer (CSO), the VP of Cyber Security will be responsible for cyber security, operational risk management, compliance, data privacy, corporate security policy, and governance practices for protecting Avalara's products and content. The role and responsibilities span end-to-end security operations, disaster recovery, and business continuity. The VP should build good working relationships with key company leaders and be part of the team that strategically and operationally prepares us for long-term success.

At Avalara, we take security seriously. Our world-class international security team, comprising over 100 staff in Cyber Security, Product Security, and Risk Management, is a testament to our commitment to maintaining the highest security standards.

What You'll Need to be Successful

End-to-End Security Focus

  • Lead and work with other leaders to manage a network of internal security specialists who safeguard our assets, intellectual property, and computer systems.
  • Design and implement business-relevant metrics to measure the effectiveness of the security and risk management controls while increasing the maturity of the security program and ensuring Avalara is recognized as a thought leader in the sector.
  • Uphold the Avalara brand integrity in terms of customer data and privacy.

Compliance, Documentation, and Governance

  • Understand security best practices, policies, plans, and procedures being adopted by industry leaders and ensure Avalara is on par with its peers in the FinTech industry.
  • Create, maintain, and publish up-to-date Security Awareness and Security Governance policies, standards, and guidelines.
  • Create and maintain global security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
  • Interact with the Executive Team on topics pertinent to the overall Corporate and IT Risk Management program.

Risk Management

  • Identify and evaluate security risks, develop strategies, plans, and processes to manage those risks, and ensure the implementation of those risk mitigation plans is in balance with our goals.
  • Measure the total potential cost of risk, including recovery, lost productivity, lost revenue, and damage to our assets and reputation – and lead the development of an overall security management plan.

People and Culture

  • Work with senior business leaders, technology groups, and external parties as an expert in the field of information security.
  • Work collaboratively with all Avalara departments and business leaders to advocate the corporate security vision and to facilitate improved corporate awareness, information sharing, and compliance.
  • Employee education and awareness of new security standards and policies.
  • Disciplinary actions where required for breaches of security policies.

Technology and Vendors

  • Assess the current state and then lead the implementation of new technologies, procedures, and security products that will support our overall digital security requirements.
  • Manage and oversee security implementation projects by Business, Corporate IT, and Operations teams.

Key Performance Indicators

  • Intrusion attempts: How often have bad actors attempted to gain unauthorized access?
  • Security incidents: How often has an attacker breached your information assets or networks?
  • Mean Time to Detect (MTTD): How long do security threats go unnoticed? MTTD measures how long it takes your team to become aware of indicators of compromise and other security threats.
  • Mean Time to Resolve (MTTR): What is the mean response time for your team to respond to a cyberattack once they are aware of it?
  • Mean Time to Contain (MTTC): How long does it take to close identified attack vectors?
  • First-party security ratings: Security ratings are often the easiest way to communicate metrics to non-technical colleagues through an easy-to-understand score.
  • Average vendor security rating: The threat landscape for your organization extends beyond your borders and your security performance metrics must do the same. This is why vendor risk management and a robust third-party risk management framework are required.
  • Patching cadence: How long does it take your team to implement security patches or mitigate high-risk CVE-listed vulnerabilities?
  • Company vs. peer performance: The top metric for board-level reporting today is how your organization's cybersecurity performance compares to the peers in your industry.
  • Vendor patching cadence: This metric involves determining how many risks your vendors have and how many important vulnerabilities are yet to be remediated.
  • Mean time for vendors to respond to security incidents

About The Team

  • 15 years of experience in technology or IT
  • 10 years of cyber security or risk management experience
  • 5 years of senior leadership experience, managing teams of over 30 staff members
  • History of experience with a variety of communication skills.
  • A bachelor's degree is required; an MS or higher is a plus.

How We'll Take Care of You

Total Rewards

In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.

Health & Wellness

Benefits vary by location but generally include private medical, life, and disability insurance.

Inclusive culture and diversity

Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

Flexible hybrid working

We support hybrid work and flexible schedules for our employees.


About Avalara

We’re Avalara. We’re defining the relationship between tax and tech.

We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year.

Last year, we became a billion-dollar business, and our tribe expanded by a cool thousand people - there’s nearly 5,000 of us now. Our growth is real, and we’re not slowing down - not until we’ve achieved our mission - to be part of every transaction in the world.

We’re bright, innovative and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.

We’ve been different from day one. Join us, and your career will be too.

EEO Statement

We’re an Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.
