Role Overview: Reporting to the CISO, as the VP of Product and Infrastructure Security you will be responsible for safeguarding our digital assets, products, and cloud infrastructure from potential threats and vulnerabilities. You will play a crucial role in shaping and executing our Information Security strategy to protect the enterprise.
What you'll do: Develop and execute a comprehensive product, application and cloud security strategy aligned with AvidXchange's business goals, objectives, and industry best practices. Responsible for the development and updating of a 5 year Product and Cloud Security road-map tied to company policies, current and emerging security frameworks, legal and regulatory requirements. Oversee the development, implementation and monitoring of product, application and cloud security policies, standards, baselines, and procedures. Lead teams responsible for conducting security assessments, code reviews, and vulnerability management for company product offerings, applications, and cloud infrastructure. Define and implement a robust application security program, including secure development practices, secure coding standards and continuous monitoring. Collaborate and educate development teams on incorporating effective security measures into the software development lifecycle. Develop and maintain a product security certification process. Ensure product zero day vulnerabilities are quickly identified and addressed. Establish and maintain a comprehensive cloud security framework, covering both infrastructure and platform services. Implement and manage cloud security controls, including identity and access management, data encryption, cyber resiliency, intrusion detection and response. Build and lead a high-performing security team, providing mentorship, coaching, and professional development opportunities. Foster a culture of collaboration, innovation, and accountability within the security organization. Act as a liaison between the security function and key stakeholders, including executive leadership, product teams, customers, etc. What we're looking for: Bachelor's degree in computer science, Information Security or equivalent work experience. 20+ year's experience and track record for successfully developing and executing security strategies in complex, technology-driven environments. 5+ years of executive information security leadership experience in a demanding SaaS environment. Thorough understanding of enterprise business dynamics and demonstrated ability to foster productive collaboration among organizational verticals, including administrative verticals (Legal, HR). Deep technical expertise in areas of product security, application security, and cloud security. In-depth knowledge of cloud security best practices and cloud platforms (e.g., AWS, Azure, Google Cloud). Proficiency with modern DevSecOps strategies, Engineering and Product workflows, and practical ability to embed cybersecurity into product pipelines with speed and agility. We would love to see: Relevant security certifications (e.g., CISSP, CISM, CCSK) preferred. Excellent communication, presentation, and leadership skills, with the ability to convey complex security concepts to non-technical audiences. Experience in the Fintech SaaS industry is a significant plus. Ideal candidate has contributed to the Information security industry as a thought leader through public speaking and/or industry frameworks, whitepapers, etc.
#J-18808-Ljbffr