About InvoiceCloud:
InvoiceCloud is a leading provider of online bill payment services. Founded in 2009, the company has grown to be one of the leading disruptors in the cloud-based electronic bill presentment and payment (EBPP) space, helping institutions put customer experience first. By switching to InvoiceCloud, clients can improve customer engagement, loyalty, and efficiency while reducing churn and missed payments in the process. With over 50 million payments processed annually, InvoiceCloud is one of the most secure, innovative, and inclusive fintech solutions in the market. To learn more, visit www.InvoiceCloud.com.
The fundamental duty of the Vice President, Information Security is to reduce or eliminate the security risks to InvoiceCloud's intellectual property, data, critical infrastructure and other information and physical assets. They are primarily responsible for establishing and maintaining the governance, strategy, actions, processes, policies, tools, partnerships, and other controls designed to protect those assets from unauthorized access, use, theft, tampering, or damage. The Vice President, Information Security will report to InvoiceCloud's General Counsel.
More detailed responsibilities for the Vice President, Information Security role include, but are not limited to, the following:
Build and maintain a culture of security for the organization where security is a forethought, not an afterthought and is integral to the key ingredients of success for InvoiceCloud.
Develop and nurture a team of crack security professionals focused on honing their craft while improving the reputation of InvoiceCloud as a market leader in digital payment and customer engagement services.
Assemble a network of key stakeholders, service providers, and industry experts to provide the Vice President, Information Security and their team the necessary support in pursuit of their objectives.
Foster collaboration, encourage diverse thought and productive debate, and inspire innovation that quickly produces solutions to security challenges.
Promote a security vision aligned with InvoiceCloud's mission and company objectives through actions and communication.
Develop security capabilities that present obvious value to customers and are recognized as competitive differentiators.
Abstain from creating security impediments to product innovation and customer engagement.
The Vice President, Information Security will also be responsible for maintaining a comprehensive security program that covers domains including, but not limited to, the following:
Oversight, governance, and management: ensure that security operations run smoothly and in a manner that continuously improves the overall security maturity level as measured against industry-standard frameworks such as HITRUST, PCI-DSS, NIST CSF, SP 800-53, 171, or others; maintain compliance with standards commensurate with business needs; maintain communication with key leaders such that risks are known and managed.
Open-source software: continually evaluate the suitability and integration of open-source software and services; maintain and expand understanding of open-source software, licensing, and ecosystem; develop and oversee open-source security policies, protocols, and procedures; and conduct security research on the latest open-source threats, vulnerabilities, and mitigation strategies.
Artificial intelligence: develop and implement a GenAI security strategy that aligns with InvoiceCloud's objectives and the regulatory landscape; ensure compliance with AI-specific security frameworks; lead efforts to identify and mitigate vulnerabilities specific to GenAI systems; and collaborate with development teams to integrate security best practices into the deployment of AI models.
Security architecture and strategy: plan, budget, procure, and implement security strategy as an integrated function inside business operations and product development; design and implement a security architecture that is aligned to and supportive of business goals.
Threat intelligence and risk assessments: maintain awareness of current and potential security threats, breaches, and attack vectors through a variety of channels; provide company executives with insight and warnings about possible issues with vendors, partners, customers, potential mergers or acquisitions, and other material business strategies or relationships.
Legal and compliance integration: continuously maintain a proactive posture and level of preparedness for pending legislation or industry shifts impacting applicable information security; foster an assertive bias towards innovation in integrating information security practices into the fabric of the organization.
Security operations: real-time threat detection, analysis, response, and remediation; general security hygiene, patch management, and security awareness training/testing; incident response and management; comprehensive vendor risk management.
Data loss prevention: ensure data, information, assets, and proprietary property remain secure from corruption, misuse, and theft.
Investigations and forensics: assemble the capabilities, including but not limited to technology and team, to conduct investigations with the appropriate chain of custody and forensic procedures to determine the potential indicators of compromise for a known or suspected security breach, leak, hack, or other related issue; work with law enforcement, internal and external legal counsel to conduct the investigation in a discreet and confidential manner; incorporate findings and remediation activity into controls to prevent future issues.
Application Security: ensure that engineering teams are trained and consistently exercising application security best practice in accordance with industry standards; ensure that application risks are known and mitigated in both internally and externally developed software.
What success looks like:
First 30 days
Gain business and organizational context:
Research the business model, product offering, and organizational structure of InvoiceCloud.
Observe meetings.
Insert into communications streams (Slack, Teams, email, recurring meetings).
Build relationship map for achieving goals, removing obstacles, and strategic alignment.
Meet with company's executive leadership team members.
Present initial overview of business context and key relationship map to General Counsel.
First 60 days
Establish an understanding of InvoiceCloud's information security profiles that identifies the applicable controls, frameworks, and relative maturity levels.
Evaluate the existing security program goals, progress, and effectiveness.
Review available information security risk artifacts, including incident reports, risk register, program documentation, training material and other relevant information, identifying specific improvement opportunities and themes.
Assess existing team member talent, experience, productivity and summarize key findings, observations, themes, and actions to discuss with General Counsel.
Present an initial draft of a comprehensive security strategy plan document to the General Counsel that outlines organizational structure requirements, key actions, long and short-term objectives, high-level budget needs, and timeline for execution.
Prepare an observations and action report for executive leadership team presentation.
First 90 days
Deliver final comprehensive security strategy plan document that outlines centralized and harmonized security reporting strategy, organizational structure, key actions, long and short-term objectives, high-level budget needs and timeline for execution.
Develop an annual budget and goals aligned with overall InvoiceCloud planning process.
Qualifications
Bachelor's degree in IT, Computer Science, Computer Engineering, or related technical field; Master's degree or MBA preferred
10-15 years of relevant experience in information security
Aptitude to articulate technical and security content in a manner that non-technical audiences can understand.
Experience with enterprise-level governance and policy development.
A developed network of security professionals, law enforcement contacts, and vendor relationships.
Knowledge of and personal certification in various industry standards, frameworks, and programs.
Experience with application security.
Accustomed to customer and prospective customer interaction and communication.
Knowledge of current relevant legislation as well as potential and upcoming legislation and ethical considerations impacting information security practices and requirements.
InvoiceCloud provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact jobs@invoicecloud.com.
To all recruitment agencies: InvoiceCloud does not accept agency resumes. Please do not forward resumes to our jobs alias, employees, or any other organization location. InvoiceCloud is not responsible for any fees related to unsolicited resumes.
Seniority level
Executive
Employment type
Full-time
Job function
Information Technology
Industries
Technology, Information and Internet