About us:  

Limeade is an engagement company that inspires employee commitment and elevates company culture. Our mission is to improve well-being in the world. As a champion of our culture, we are looking for a high performing and talented Director of Information Security that is aligned with our mission and values.

At Limeade, we take a whole person, whole company and whole ecosystem approach to improving employee well-being and performance. But we go much further than that, helping our customers build cultures that support well-being that move the needle on their business goals. Our engagement platform is immersive and holistic – as it must be to help solve the bigger well-being and engagement problems facing today’s businesses. Recognized for its own award-winning culture, Limeade serves over 200 employers and top global brands.

We’re committed to creating a mission-driven, positive culture of improvement made up of the best and brightest people in the business. And we’ve got the awards to back it up: Business Journals ranked us #1 Best Workplace in Washington, and we’re one of the fastest-growing companies in North America (Deloitte’s Technology Fast 500™), and Fortune magazine recognized us as a Best Workplace for Women. Learn more at www.limeade.com

About the Job:

The Director of Information Security is a new dedicated role responsible for overseeing the enterprise-wide vision, strategy, architecture, and policies and programs on information security and risk for a growing SaaS company. 

This role will manage a small team of security professionals and will likely need to get hands dirty with daily operations and tasks. Our security team works closely with Legal, IT, HR, Sales, and product development teams to ensure security matters are addressed around security reviews, risk assessment, vendor management, and implementing/recommending security tools and processes to protect Limeade. We’re looking for a leader that’s passionate about security, privacy, and innovation with a desire to build out a high performing security team while delivering high quality work and owning it along the way. You should know how to prioritize, communicate clearly and compellingly, and understand how to drive a high level of focus and excellence with a strong team. We are looking for someone to continue enhancing our overall security posture, earn and foster trust between Limeade and our customers as well as our internal business units, positively influence change in a rapid environment, and protect our environments from growing, never-ending threats faced in our digital world as a SaaS solution.

Responsibilities:

• Evangelize security to C-level, individual contributors, and customers using technical and business soft skills
• Lead the Security Steering Committee
• Understand and implement regulatory compliance practices as it relates to security and privacy
• Manage technical third-party audits (SOC2 Type2, ISO 27001, penetration and vulnerability testing tests, etc.)
• Lead IT security policy and procedure creation, modification, implementation, and enforcement
• Document existing processes and procedures and the ability to create useful diagrams by interrogating teams of all technical skill levels
• Oversee completion of request for proposals (RFPs) and being able to meet with potential customers to discuss Limeade security posture and standards
• Develop security training program for Sales team to use to sell Limeade Security
• Oversee operations of dedicated security technology tools
• Maintain server, cloud, and desktop hardening procedures and baselines to ensure consistent implementation and updates
• Participate in security and data breach incident response leadership, development, and testing
• Partner with Legal team to review contracts and proposals for security, privacy, and technical requirements
• Help lead our vendor management program as it relates to IT and Security controls
• Managing and developing a strong information security team

Desired Skills & Experience:

• Ability to demonstrate our values in an on-going and consistent way
• 4+ years of experience leading, managing & developing high performance teams
• 4+ years of SaaS or enterprise website experience
• 7+ years of progressive experience within a software security team or similar operating environment
• Experience with service-oriented architectures and web services security
• Experience in generating automated metrics to measure IT security effectiveness and consistency
• Well versed in application security, infrastructure security, business risk analysis and making complex business/risk trade-off recommendations and decisions
• Technical knowledge in at least two security domains such as engineering, system and network security, authentication or security protocols.
• Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques
• Strong information security risk-based prioritization abilities
• Fundamental understanding of intersections between security and auditing/compliance, specifically around SOC reporting and/or ISO:27001
• Excellent leadership, teamwork and collaboration skills while being results-oriented, high energy, self-motivated with excellent attention to detail
• Information security professional certifications (SANS GIAC, CISM, CISSP etc.)
• Strong written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts
• BA/BS in computer science, information security, related discipline, or equivalent work experience

Limeade provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Limeade will provide reasonable accommodations for qualified individuals with disabilities.