Jobs · Information Technology · Georgia

Vice President, Information Security

Procare Solutions · Atlanta, GA · 2 mo ago
Information Technology$200k–$250k/yrFull-time

About the role

The VP Information Security is a senior leader responsible for establishing and executing Procare’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO this role will serve as the company's top security leader — translating complex cyber risk into business language, protecting customer data, enabling compliant product growth, and building a world-class security organization.

What you’ll do:

  • Security Strategy & Leadership

    • Define, own, and continuously evolve a multi-year enterprise security roadmap aligned to business objectives, growth stage, and risk appetite
    • Serve as the primary security advisor to the executive leadership team, present security posture, risk metrics, and investment cases with clarity
    • Lead a high-performing security organization including Security Operations, GRC, AppSec, and Cloud Security functions
    • Champion a security-first culture across the company through education, executive sponsorship, and accountability
    • Translate technical risk into business impact using quantitative risk frameworks (e.g., FAIR) to influence budget and strategic decisions
    • Navigate Roper Technologies cybersecurity framework, maintaining compliance with mandatory foundational controls and implementing selected optional controls to achieve maturity targets; serve as primary security liaison to parent company
    • Establish AI security governance program to evaluate, approve, and manage AI tool adoption across the organization; implement controls for AI-specific risks including data leakage, prompt injection, and model security
    • Manage security across diverse product portfolio (5+ applications) with varying technology stacks, customer bases, and compliance requirements; ensure consistent security standards while accommodating product-specific needs
    • Build and maintain executive cybersecurity dashboards providing real-time visibility into security posture, risk metrics, and program progress for board, parent company, and executive leadership
  • Cloud & Product Security

    • Secure the company's SaaS platform and cloud environments (AWS/Azure/GCP) by driving secure SDLC, vulnerability management, remediation SLAs, and penetration testing programs
    • Partner with Product and Engineering leadership to embed security by design — shifting security left into development workflows without impeding velocity
    • Oversee Identity and Access Management (IAM), Zero Trust architecture, data encryption, and cloud security posture management (CSPM/CNAPP)
    • Define and maintain security standards for APIs, microservices, container security, and third-party integrations
  • Governance, Risk & Compliance (GRC)

    • Own and maintain the company's Information Security Management System (ISMS), risk register, and policy framework
    • Lead and maintain Type II and PCI DSS v4.0.1 certifications; oversee ISO 27001, TX-RAMP, GDPR, CCPA, and other applicable regulatory frameworks
    • Manage customer security questionnaires, enterprise security reviews, and security-related RFP/procurement processes in partnership with Sales and Legal
    • Develop and enforce vendor and third-party risk management programs to minimize supply chain exposure
    • Ensure compliance with applicable federal, state, and international data privacy and security regulations
    • Manage state-specific compliance programs including TX-RAMP certification with quarterly vulnerability reporting and evidence submission requirements
    • Implement and maintain customer trust center and security documentation portal to streamline enterprise security reviews and RFP processes
    • Lead supply chain security and vendor breach response program; assess impact of third-party compromises and coordinate remediation across affected systems
    • Ensure compliance with child data protection requirements and education sector-specific regulations; implement specialized controls for sensitive family and student information
  • Security Operations & Incident Response

    • Lead a 24/7-capable security operations capability including SIEM, EDR, XDR, and threat intelligence platforms
    • Own the cyber incident response program: detection, investigation, containment, communication, and post-incident review (PIR) processes
    • Test business continuity and disaster recovery plans with cross-functional stakeholders
    • Monitor emerging threat intelligence; proactively brief leadership on ransomware, social engineering, supply chain, and AI-driven threat vectors
    • Lead Zero Trust architecture planning and implementation across corporate and product environments as multi-year strategic initiative: coordinate with infrastructure, network, and identity teams
  • Corporate Security & IT Risk Management

    • Oversee corporate IT security including endpoint protection, patch management, and corporate network security controls
    • Implement enterprise patch management programs using automated tools to ensure timely remediation of vulnerabilities across workstations and servers
    • Direct Active Directory security assessments and identity hygiene programs across all domain instances
    • Ensure MFA enforcement for all privileged accounts and coordinate rollout of authentication requirements for staff and customers
  • People & Organizational Leadership

    • Recruit, develop, and retain a diverse security team including Security Engineers, Analysts, GRC Specialists, and an AppSec function
    • Define team structure, career ladders, OKRs, and budget for the security organization
    • Manage external security vendors, MSSPs, auditors, and counsel relationships

    Qualifications

    • 12+ years' of progressive experience in information security, with at least 4 years' in a CISO, Deputy CISO, or VP of Security role
    • Proven track record leading security at a B2B SaaS or cloud-native technology company; experience scaling security programs from growth stage to enterprise maturity
    • Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
    • Hands-on leadership of SOC 2 Type II and PCI audits; direct experience with ISO 27001, GDPR, CCPA
    • Demonstrated ability to communicate security risk to non-technical executives and board members; experience presenting to audit committees or governance boards
    • Experience managing security through enterprise sales cycles including customer trust reviews, penetration test sharing, and security questionnaire programs
    • Track record of building and scaling security teams from the ground up, including hiring, organizational design, and vendor management
    • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree or MBA preferred
    • One or more industry certifications strongly preferred: CISSP, CISM, CCSP, CISA, CRISC, CEH
    • Executive presence with the ability to build trust at board level and peer-level across the C-suite
    • Strong business acumen — understands how security decisions impact revenue, customer trust, and company valuation
    • Exceptional communication skills: able to explain complex security concepts in plain language to diverse audiences
    • Collaborative, low-ego leader who can influence without authority and build bridges between security, engineering, legal, and sales
    • Resilient under pressure; sound judgment in high-stakes incident scenarios
    • Skilled at managing competing priorities across multiple compliance programs, product teams, and parent company requirements; able to sequence initiatives and communicate trade-offs effectively

    Security Technology Experience

    • Core Security Platforms: Cloud security: Wiz, Orca, Prisma Cloud, or equivalent CSPM/CNAPP solutions
    • Endpoint/XDR: CrowdStrike, SentinelOne, Microsoft Defender, or equivalent
    • SIEM/SOAR: CrowdStrike NextGen-SIEM, Splunk, Sumo Logic, or equivalent
    • Identity/IAM: Okta, Auth0, Azure AD, or equivalent
    • Specialized Security Tools: Email security: Proofpoint, Mimecast, Abnormal.ai, or equivalent next-gen solutions
    • Application security: Veracode, Checkmarx, Contrast Security, Snyk, or equivalent SAST/DAST platforms
    • GRC/Compliance: Vanta, Drata, OneTrust, or equivalent automation platforms
    • Trust & transparency: SafeBase, Whistic, or equivalent trust center solutions
    • Patch management: Automox, Ivanti, or equivalent endpoint management platforms
    • Emerging Security Categories: AI security and governance tools (familiarity with landscape preferred); Zero Trust architecture frameworks and implementation tools

    Physical Requirements

    • This position works most of the time in a fixed office location and may involve sitting and/or standing for prolonged periods
    • Frequently required to communicate verbally and in writing (mostly email) with customers, prospects, and other employees
    • Use of computer, telephone, and other office equipment for the greater part of the workday
    • Occasional travel may be required for this position

Similar jobs