It's fun to work in a company where people truly BELIEVE in what they're doing!We're committed to bringing passion and customer focus to the business.
OUR MISSION At Redwood Software we unleash human potential. We empower our customers with lights-out automation for their mission-critical business processes.Redwood Software is the leader in full stack automation for mission-critical business processes. With the first SaaS-based composable automation platform specifically built for ERP, we believe in the transformative power of automation. Our unparalleled solutions empower organizations to orchestrate, manage and monitor their workflows across any application, service or server - in the cloud or on premise - with confidence and control.
CORE VALUES One Team. One Redwood
Make Your Own Weather
Obsess over Customer Success
Work the Problem
Be Curious
Own the Outcome
Respect Each Other
YOUR IMPACT The Director of Information Security will lead the design, execution, and management of a comprehensive security program for a cloud-native SaaS environment. This role will focus on securing software development lifecycles (SDLC), driving DevSecOps initiatives, and overseeing security operations to protect customer data, intellectual property, and infrastructure. The ideal candidate will bring deep expertise in cloud security and application security while fostering a culture of security-first innovation.
Strategic Leadership:
- Develop and implement a forward-looking security strategy tailored to a fast-paced SaaS environment.
- Align security initiatives with business objectives, ensuring seamless integration of security into product development and operational processes.
- Partner with senior leadership to communicate security risks and strategies effectively.
Secure SDLC & DevSecOps Leadership:
- Embed security practices throughout the SDLC to ensure secure software design, development, testing, and deployment.
- Implement and champion DevSecOps principles, including CI/CD pipeline security, code analysis, and vulnerability management.
- Collaborate with development teams to identify and remediate application security risks.
Cloud Security:
- Oversee the security of cloud platforms (e.g., AWS, Azure, GCP), ensuring robust configurations and compliance with best practices.
- Implement advanced identity and access management (IAM), encryption, and threat detection solutions in the cloud environment.
- Develop incident response plans and lead investigations specific to cloud-based applications and services.
Security Operations:
- Build and oversee a security operations team to monitor, detect, and respond to threats in real-time.
- Implement and manage advanced threat intelligence, SIEM, and EDR/XDR solutions.
- Establish metrics and reporting mechanisms to evaluate and improve the organization's security posture.
Team Leadership and Collaboration:
- Lead cross-functional collaboration between Security, Development, Operations, and Product teams to foster a security-first culture.
- Recruit, mentor, and develop a high-performing security team with expertise in DevSecOps and Security Operations.
- Act as the primary security advocate, driving organization-wide security awareness initiatives.
Emerging Technologies and Continuous Improvement:
- Stay ahead of emerging threats, technologies, and trends, applying insights to enhance security strategies.
- Evaluate and deploy innovative tools and technologies to improve security processes and reduce risks.
Budget and Vendor Management:
- Manage the security budget, ensuring optimal allocation of resources.
- Evaluate and manage third-party vendors and partners supporting the security program.
YOUR EXPERIENCE- Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree preferred.
- CISSP, CISM, or equivalent required. Additional certifications (e.g., CCSK, AWS Security Specialty, GCSA) are a strong plus.
- 10+ years of experience in information security, with 5+ years in leadership roles.
- Deep expertise in cloud-native security and secure SDLC practices.
- Proven experience implementing and managing DevSecOps frameworks.
- Strong background in security operations, including incident response and threat management.
- Strong leadership and collaboration skills to work effectively with technical and non-technical teams.
- Expertise in cloud security architectures and tools (e.g., WAFs, container security, cloud monitoring).
- In-depth knowledge of secure coding practices, application vulnerabilities, and remediation strategies.
- Strategic thinking with the ability to translate security needs into actionable programs.
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
THE LEGAL BITRedwood is an equal opportunity employer. Redwood prohibits unlawful discrimination based on race, colour, religion, sex, gender identity, marital or veteran status, age, national origin, ancestry, citizenship, physical or mental disability, medical condition, genetic information or characteristics (or those of a family member), sexual orientation, pregnancy or any other consideration made unlawful by regional or local laws. We also prohibit discrimination based on a perception that anyone has any of those characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful and will have a zero tolerance policy applied to it.
Redwood will comply with all local data protection laws, including GDPR when it comes to the handling and processing of personal data. Should you wish for us to remove your personal data from our recruitment database, please email us directly at Recruitment[redacted]
