The Head of Information Security is the top technology leadership role responsible for establishing the security strategy and direction for Spotify. As our top information security leader, you will have the opportunity to drive and implement the security strategy in a fast-growing company with over 286M users! Demonstrating your vision, domain expertise, and strong leadership skills, you will help take Spotify securely into the next phase of our company’s success.
Working closely with the rest of our product engineering teams, you and your team will be responsible for ensuring that Spotify is able to continue to safely and securely ship highly scalable products as quickly and frictionlessly as feasible. You will protect our customer and company information and secure our IT infrastructure. You will nurture and protect a balanced culture of security awareness by supporting and enabling risk analysis and strong security practices throughout the company. You will provide leadership in maintaining Spotify’s security policy, standards and practices for the entire company and ensure that Spotify is in compliance with all applicable laws, directives, and policies regarding the securing of information. You will drive implementation of security plans, including incident response, and lead the operational processes for monitoring and maintaining security and compliance.
Additionally, working closely with the company Board of Directors, Executive Officers, Senior Management, Legal and the company’s Internal Audit team, you will ensure alignment between security and privacy policies, training, and practices across the company. The Head of Security reports to the VP, Technology Platform, and the role is open in Stockholm or NYC.
- Develop and drive implementation of near- and long-term security strategy and goals in alignment with Spotify’s business objectives and culture.
- Attract and retain extraordinary security talent across engineering, product management, and operational roles, enabling our security team to scale rapidly and effectively. Lead the development of the Security organization and enable it to scale and support our rapidly growing company.
- Advocate for all company security-related issues, across our global presence. Resolve Spotify-wide security resource requirements including budget, staff, training needs and prioritization. Work with senior stakeholders where appropriate to embed security expertise in other functions.
- Provide expert counsel and mentorship to senior leadership (including the board of directors) on security and its impact across business strategy, programs, products/services, and operations.
- Lead the team to maintain security policies, standards, frameworks, procedures and guidelines and ensure that they are aligned with the strategy and compliance programs like GDPR, SOX, and PCI DSS. Partner closely with Legal, our Data Protection Officer, Internal Audit/Controls, and HR on security-related topics.
- Lead all aspects of and continuously improve the governance and management of security to reflect changing technology, threat landscapes, regulatory requirements, and industry standard methodologies.
- Develop and drive risk analysis, mitigation and remediation plans. Plan for and lead large-scale security incident response and recovery efforts.
- Evolve Spotify’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to and recover from incidents.
We value people as much as technology and our shared values of innovation, partnership, transparency, passion and playfulness guide our behavior and our decisions. We believe an effective security organization begins with building a positive security culture that enables the business. We’re looking for someone who understands this and will help craft it as it evolves.