Vice President, Information Security
Procare Solutions · Atlanta, GA · 2 mo ago
Information Technology$200k–$250k/yrFull-time
About the role
The VP Information Security is a senior leader responsible for establishing and executing Procare’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO this role will serve as the company's top security leader — translating complex cyber risk into business language, protecting customer data, enabling compliant product growth, and building a world-class security organization.
What you’ll do:
Security Strategy & Leadership
- Define, own, and continuously evolve a multi-year enterprise security roadmap aligned to business objectives, growth stage, and risk appetite
- Serve as the primary security advisor to the executive leadership team, present security posture, risk metrics, and investment cases with clarity
- Lead a high-performing security organization including Security Operations, GRC, AppSec, and Cloud Security functions
- Champion a security-first culture across the company through education, executive sponsorship, and accountability
- Translate technical risk into business impact using quantitative risk frameworks (e.g., FAIR) to influence budget and strategic decisions
- Navigate Roper Technologies cybersecurity framework, maintaining compliance with mandatory foundational controls and implementing selected optional controls to achieve maturity targets; serve as primary security liaison to parent company
- Establish AI security governance program to evaluate, approve, and manage AI tool adoption across the organization; implement controls for AI-specific risks including data leakage, prompt injection, and model security
- Manage security across diverse product portfolio (5+ applications) with varying technology stacks, customer bases, and compliance requirements; ensure consistent security standards while accommodating product-specific needs
- Build and maintain executive cybersecurity dashboards providing real-time visibility into security posture, risk metrics, and program progress for board, parent company, and executive leadership
Cloud & Product Security
- Secure the company's SaaS platform and cloud environments (AWS/Azure/GCP) by driving secure SDLC, vulnerability management, remediation SLAs, and penetration testing programs
- Partner with Product and Engineering leadership to embed security by design — shifting security left into development workflows without impeding velocity
- Oversee Identity and Access Management (IAM), Zero Trust architecture, data encryption, and cloud security posture management (CSPM/CNAPP)
- Define and maintain security standards for APIs, microservices, container security, and third-party integrations
Governance, Risk & Compliance (GRC)
- Own and maintain the company's Information Security Management System (ISMS), risk register, and policy framework
- Lead and maintain Type II and PCI DSS v4.0.1 certifications; oversee ISO 27001, TX-RAMP, GDPR, CCPA, and other applicable regulatory frameworks
- Manage customer security questionnaires, enterprise security reviews, and security-related RFP/procurement processes in partnership with Sales and Legal
- Develop and enforce vendor and third-party risk management programs to minimize supply chain exposure
- Ensure compliance with applicable federal, state, and international data privacy and security regulations
- Manage state-specific compliance programs including TX-RAMP certification with quarterly vulnerability reporting and evidence submission requirements
- Implement and maintain customer trust center and security documentation portal to streamline enterprise security reviews and RFP processes
- Lead supply chain security and vendor breach response program; assess impact of third-party compromises and coordinate remediation across affected systems
- Ensure compliance with child data protection requirements and education sector-specific regulations; implement specialized controls for sensitive family and student information
Security Operations & Incident Response
- Lead a 24/7-capable security operations capability including SIEM, EDR, XDR, and threat intelligence platforms
- Own the cyber incident response program: detection, investigation, containment, communication, and post-incident review (PIR) processes
- Test business continuity and disaster recovery plans with cross-functional stakeholders
- Monitor emerging threat intelligence; proactively brief leadership on ransomware, social engineering, supply chain, and AI-driven threat vectors
- Lead Zero Trust architecture planning and implementation across corporate and product environments as multi-year strategic initiative: coordinate with infrastructure, network, and identity teams
Corporate Security & IT Risk Management
- Oversee corporate IT security including endpoint protection, patch management, and corporate network security controls
- Implement enterprise patch management programs using automated tools to ensure timely remediation of vulnerabilities across workstations and servers
- Direct Active Directory security assessments and identity hygiene programs across all domain instances
- Ensure MFA enforcement for all privileged accounts and coordinate rollout of authentication requirements for staff and customers
People & Organizational Leadership
- Recruit, develop, and retain a diverse security team including Security Engineers, Analysts, GRC Specialists, and an AppSec function
- Define team structure, career ladders, OKRs, and budget for the security organization
- Manage external security vendors, MSSPs, auditors, and counsel relationships
- 12+ years' of progressive experience in information security, with at least 4 years' in a CISO, Deputy CISO, or VP of Security role
- Proven track record leading security at a B2B SaaS or cloud-native technology company; experience scaling security programs from growth stage to enterprise maturity
- Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
- Hands-on leadership of SOC 2 Type II and PCI audits; direct experience with ISO 27001, GDPR, CCPA
- Demonstrated ability to communicate security risk to non-technical executives and board members; experience presenting to audit committees or governance boards
- Experience managing security through enterprise sales cycles including customer trust reviews, penetration test sharing, and security questionnaire programs
- Track record of building and scaling security teams from the ground up, including hiring, organizational design, and vendor management
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree or MBA preferred
- One or more industry certifications strongly preferred: CISSP, CISM, CCSP, CISA, CRISC, CEH
- Executive presence with the ability to build trust at board level and peer-level across the C-suite
- Strong business acumen — understands how security decisions impact revenue, customer trust, and company valuation
- Exceptional communication skills: able to explain complex security concepts in plain language to diverse audiences
- Collaborative, low-ego leader who can influence without authority and build bridges between security, engineering, legal, and sales
- Resilient under pressure; sound judgment in high-stakes incident scenarios
- Skilled at managing competing priorities across multiple compliance programs, product teams, and parent company requirements; able to sequence initiatives and communicate trade-offs effectively
- Core Security Platforms: Cloud security: Wiz, Orca, Prisma Cloud, or equivalent CSPM/CNAPP solutions
- Endpoint/XDR: CrowdStrike, SentinelOne, Microsoft Defender, or equivalent
- SIEM/SOAR: CrowdStrike NextGen-SIEM, Splunk, Sumo Logic, or equivalent
- Identity/IAM: Okta, Auth0, Azure AD, or equivalent
- Specialized Security Tools: Email security: Proofpoint, Mimecast, Abnormal.ai, or equivalent next-gen solutions
- Application security: Veracode, Checkmarx, Contrast Security, Snyk, or equivalent SAST/DAST platforms
- GRC/Compliance: Vanta, Drata, OneTrust, or equivalent automation platforms
- Trust & transparency: SafeBase, Whistic, or equivalent trust center solutions
- Patch management: Automox, Ivanti, or equivalent endpoint management platforms
- Emerging Security Categories: AI security and governance tools (familiarity with landscape preferred); Zero Trust architecture frameworks and implementation tools
- This position works most of the time in a fixed office location and may involve sitting and/or standing for prolonged periods
- Frequently required to communicate verbally and in writing (mostly email) with customers, prospects, and other employees
- Use of computer, telephone, and other office equipment for the greater part of the workday
- Occasional travel may be required for this position