Job Specifications

  • LocationNew York,New York
  • Published4 hours ago, 2021-02-27T03:01:28Z
  • 2021-03-02Full Time

Chief Information Security Officer

The ultimate source for official answers about a business online should be the business itself. However, when consumers ask questions on company websites, too often they are left in the dark with wrong answers. Yext (NYSE: YEXT), the Search Experience Cloud, solves this problem by organizing a business's facts so it can provide official answers to consumer questions - wherever people search. Starting with the company website, then extending across search engines and voice assistants, businesses around the world, like Taco Bell, Marriott, and Jaguar Land Rover-as well as organizations like the U.S. State Department-trust Yext to radically improve the search experience on their websites and across the entire search ecosystem.

The Chief Information Security Officer (CISO) will be accountable for the overall Yext Information Security and Risk & Compliance program and crafting a culture of Cybersecurity working with Product, Engineering, IT, Internal Audit & Business Leadership! In this role they will lead all aspects of application security, corporate security, security operations and engineering, and technology risk and compliance outside of direct management of SOX & ITGC. They will partner various teams to develop, implement, maintain, and continually improve the strategic and risk-based Information Security, Data Privacy, Risk & Compliance program. They own and drive product security of the Yext platform and products working with the Engineering team. They will also partner and support our revenue team on key deals, representing the information security program.

What You'll Do
  • Set the strategic direction for the overall Information Security, Risk, & Compliance program and alignment to standard methodologies
  • Develop the goals and a roadmap for the overall program, working various teams
  • Manage the security budget, working closely with Yext's financial planning team.
  • Be the leader and advocate when coordinating with peers in Engineering, IT, HR, and other business functions that impact Yext's security posture.
  • Work closely with the Engineering and Product teams to help craft and execute on product security as our product evolves.
  • Drive appropriate new certifications and refreshes with internal partners, external vendors and agencies (SOC2, HIPAA, ISO27K, GDPR, FedRamp, etc.)
  • Drive the monthly ISOC meeting with a multi-functional audience to highlight key areas of focus and provide a status on the security program to internal partners.
  • Partner with sales leadership on key deals.
  • Be responsible for the design and architecture of security systems and controls.
  • Supervise the governance of security policies and security controls.
  • Build and be responsible for a continuous improvement culture related to the information security program
  • Ensure compliance with changing privacy and data protection laws and regulations (e.g European regulations)
  • Identify risks and impactful plans to protect the business as our products and services evolve.
  • Maintain a current understanding of the cyber threat landscape impacting Yext and our industry.


What You Have
  • Bachelor's degree or similar college level education in business, technology or related field
  • Hold a known industry security certification such as those from ISC2 or ISACA.
  • 15+ years of relevant work experience including demonstrable ability to lead and coordinate critical programs and multi-functional efforts
  • Strong working knowledge and understanding of key concepts in Information Security, Risk Management, and Compliance, including application security, network security, and security operations
  • Understanding of corporate Governance, Risk, and Compliance functions
  • Consistently demonstrated growth in their own skills & leadership
  • 10+ years of experience with information and network security and vulnerability management, with growing leadership responsibilities
  • Experience with regulatory compliance, such GDPR and HIPAA
  • Familiarity with well-established security standards and frameworks such as ISO 27001, NIST SP 800-53 and COBIT.
  • Excellent written and verbal communications skills, with demonstrated ability to clearly articulate to both technical and non-technical audiences!

Yext is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ethnicity, religion, creed, national origin, ancestry, genetics, sex, pregnancy or childbirth, sexual orientation, gender (including gender identity or nonbinary or nonconformity and/or status as a trans individual), age, physical or mental disability, citizenship, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know.


Requirements

not available