Head of Information Security – Spotify
Company Website: https://www.spotify.com/us/
Location: New York City, New York
Position Type: Management
Employment Type: Full-Time
Job Description
The Head of Information Security is the top technology leadership role responsible for establishing the security strategy and direction for Spotify. As our top information security leader, you will have the opportunity to drive and implement the security strategy in a fast-growing company with over 286M users! Demonstrating your vision, domain expertise, and strong leadership skills, you will help take Spotify securely into the next phase of our company’s success.
Working closely with the rest of our product engineering teams, you and your team will be responsible for ensuring that Spotify is able to continue to safely and securely ship highly scalable products as quickly and frictionlessly as feasible. You will protect our customer and company information and secure our IT infrastructure. You will nurture and protect a balanced culture of security awareness by supporting and enabling risk analysis and strong security practices throughout the company. You will provide leadership in maintaining Spotify’s security policy, standards and practices for the entire company and ensure that Spotify is in compliance with all applicable laws, directives, and policies regarding the securing of information. You will drive implementation of security plans, including incident response, and lead the operational processes for monitoring and maintaining security and compliance.
Additionally, working closely with the company Board of Directors, Executive Officers, Senior Management, Legal and the company’s Internal Audit team, you will ensure alignment between security and privacy policies, training, and practices across the company. The Head of Security reports to the VP, Technology Platform, and the position is open in Stockholm or NYC.
Responsibilities
- Develop and drive implementation of near- and long-term security strategy and goals in alignment with Spotify’s business objectives and culture.
- Attract and retain extraordinary security talent across engineering, product management, and operational roles, enabling our security team to scale rapidly and effectively. Lead the development of the Security organization and enable it to scale and support our rapidly growing company.
- Advocate for all company security-related issues, across our global presence. Resolve Spotify-wide security resource requirements including budget, staff, training needs and prioritization. Work with senior stakeholders where appropriate to embed security expertise in other functions.
- Provide expert counsel and mentorship to senior leadership (including the board of directors) on security and its impact across business strategy, programs, products/services, and operations.
- Lead the team to maintain security policies, standards, frameworks, procedures and guidelines and ensure that they are aligned with the strategy and compliance programs like GDPR, SOX, and PCI DSS. Partner closely with Legal, our Data Protection Officer, Internal Audit/Controls, and HR on security-related topics.
- Lead all aspects of and continuously improve the governance and management of security to reflect changing technology, threat landscapes, regulatory requirements, and industry standard methodologies.
- Develop and drive risk analysis, mitigation and remediation plans. Plan for and lead large-scale security incident response and recovery efforts.
- Evolve Spotify’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to and recover from incidents.
Desired Skills & Experience
- A breadth of senior leadership experience in security, engineering, or IT management.
- Experience working with C-Level executives and other senior partners.
- Significant experience running a global technology security function, preferably in a broadly scaled consumer-facing software/high technology industry.
- Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery.
- Experience leading engineering culture in an agile and DevOps environment, with the ability to cultivate and grow the culture in existing teams.
- Proven strong leadership and management skills and the ability to secure results through others.
- Significant experience working with Software/Infrastructure/Platform-as-a-Service (SIPaaS) solutions and architectures.
- Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Ability to understand the business context and technology challenges, handle uncertainty, and apply appropriate security solutions in response to multiple risks and needs.
- Knowledge of relevant security and compliance frameworks, standards and regulations (such as SOC2, Cloud Security Alliance (CSA), NIST, COBIT, PCI-DSS, GDPR, DPA, ISO270xx).
We value people as much as technology and our shared values of innovation, partnership, transparency, passion and playfulness guide our behavior and our decisions. We believe an effective security organization begins with building a positive security culture that enables the business. We’re looking for someone who understands this and will help craft it as it evolves.