Freshworks is a leading provider of cloud-based customer engagement software.
Freshworks provides innovative customer engagement software for businesses of all sizes, making it easy for teams to acquire, close, and keep their customers for life. Freshworks Software-as-a-Service (SaaS) products provide a 360-degree view of the customer, are ready to go, easy to use, and offer quick return on investment. Headquartered in San Mateo, USA, Freshworks 3,000+ team members work in offices throughout the world. Freshworks has global offices in India, Singapore, Australia, UK, Netherlands, France and Germany. The company counts over 220,000 businesses in its customer-for-life community around the world including Honda, Bridgestone, Hugo Boss, University of Pennsylvania, Toshiba, Sling TV and Cisco.
The VP of Information Security, reporting to the CIO and CISO, will lead and have overarching responsibility for Freshworks’ security posture. You will be responsible for providing a highly scalable, reliable, and effective security foundation that serves the customers and business operations of the company. As we scale our business internationally and into large enterprises, our security posture has never been more important to our company and the global customers we serve.
- Enhance and manage Freshworks’ cybersecurity strategy.
- Manage a team composed of security operations, security engineering, and governance and risk management professionals.
- Establish and maintain an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.
- Ensures implementation of the information security plans and manages the operational processes for monitoring and maintaining information security.
- Maintain complete awareness of current and developing information security regulations, technology, and threats.
- Translate this information into a comprehensive set of policies, procedures, and security plans to maintain appropriate security for the various types and categories of unclassified and classified information assets.
- Monitoring and assessing the overall compliance of the organization with information security regulations, policies, programs, and procedures.
- Conduct regular third-party independent audits of our information security. Ensure any resulting actions to address gaps or weaknesses are appropriately assigned and completed in a timely manner to maintain information security.
- Manage our response to incidents and ensure that they are appropriately addressed, documented, and reported.
- Complete and deliver regular information security reports and assessments as are required by regulatory agencies and our customers.
- Prepare and report on our information security posture and status to Management.
- Bachelor's degree in business administration or a technology-related field, or equivalent work or education-related experience.
- Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
- Minimum of 7 years of experience in a combination of risk management, information security and security engineering roles.
- At least 2 years in a senior leadership role in security.
- Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS) and / or offer platform as a service (PaaS) with security commitments to customers and partners.
- Relevant experience working in the SaaS industry with a deep understanding of regulatory frameworks such as ISO, SOX, GDPR, PII, PCI, etc. is highly desired.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners, and stakeholders.
- Must be a critical thinker, with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard Personally Identifiable Information (PII).
- Ability to lead and motivate cross-functional, multi-site, interdisciplinary teams to achieve tactical and strategic goals.