Heptio is thinking about impact on a magnitude and time horizon that’s different from your typical start-up. That starts with our founders … two of the individuals that created Google Compute Engine, Kubernetes and the Cloud Native Computing Foundation. We understand how to build things that endure and we’ve started that at Heptio with a line-up of products, community projects and high-touch services that have an immediate impact.

Our message is resonating in the market. It has allowed us to count some of the most admired companies -- across industries -- as early customers. And, it has attracted incredible talent as we build our team. We’re growing fast and we need more great people.

With that, Heptio is seeking a Director of Security & Compliance to create and drive security and compliance initiatives across the company.

WHAT YOU’LL BE DOING…

• Develop, implement, and manage Compliance Programs, including global privacy and data protection (including GDPR)
• Serve as the Company's subject matter expert on compliance matters, with an emphasis on global and national laws and regulations
• Ownership of audits including SOC 1, SOC 2, and ISO
• Identify gaps in the security of our software development workflows and infrastructure, and develop and implement plans to address them
• Develop, implement, and manage information security training and awareness for engineers and the broader organization, including dissemination and explanation of policies and procedures
• Work to create a knowledge base to house all policies and procedures
• Maintain a good understanding of current and emerging information security, regulatory, and compliance trends
• Collaborate with Information Technology to ensure alignment with data security and compliance policies and practices
• Collaborate with Site Reliability Engineering to create and implement best practices and compliance guidelines for product security
• Participate in customer meetings to ensure customers understand our security policies and practices

YOUR QUALIFICATIONS...

• Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline
• 10+ years of experience in Information Security with demonstrated experience collaborating with general counsel and HR to create governance, policy, procedure and best practices surrounding operational security topics
• Strong knowledge in technical foundations of modern public cloud computing security, application security, networking security, and cryptography
• A background in establishing and building operational security programs which could include: vulnerability management programs, patch management, incident response, authentication (SAML, SSO, RBAC), authorization (2FA/MFA), infrastructure management, network management, penetration testing, and red/blue teaming
• Proven experience in security design review and threat modeling
• Extensive knowledge of SOC and ISO Compliance as well as knowledge of Cloud Security Alliance (CSA), PCI/DSS and global data protection and privacy laws (GDPR and Privacy Shield)
• Experience presenting security topics to a wide variety of audiences
• Strong communication skills - both written and verbal
• Strong management skills - eventually this will grow into a management role
• Proven analytical and organizational skills to independently work on multiple projects, and meet deadlines while ensuring quality results

About Heptio Heptio powers giant leaps in development productivity and resource efficiency. We provide the products, services and community projects that customers need to unlock the full potential of upstream Kubernetes. It’s all neatly packaged in the Heptio Kubernetes Subscription, the essentials needed to deploy, manage and support an open source Kubernetes distribution across multiple clouds. Important: we are an equal opportunity employer and value diversity at our company. We’re strongly committed to providing equal employment opportunity for all employees and all applicants for employment. We want to embody the change we need in our industry.