Chief Information Security Officer (CISO)
ABOUT THE ROLE
Upstream is looking for a talented Chief Information Security Officer to join the CTO team and focus on securing the company’s products and services.
As a Chief Information Security Officer, you will be responsible for securing cloud services and secure development processes at Upstream.
This role is full-time and is Israel-based.
Upstream is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state, or local law.
- Establish, maintain, and oversee the company’s security vision and strategy and lead the program to ensure the company has the right tools and controls in place to protect its business operations, data, tools, and network against a dynamic threat landscape.
- Develop, implement, and monitor a comprehensive company information security risk management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization.
- Develop, maintain and publish up-to-date information security policies, processes, standards and guidelines. Oversee the approval, documentation, training, and dissemination of security policies and practices.
- Keep up to date with new vulnerabilities and update stakeholders and top management.
- Liaise with the R&D and IT teams to ensure alignment between security, system architecture, and actual implementation.
- Ensure regulatory and compliance requirements are satisfied.
- Own our SOC2 and ISO27001 certification program, which includes internal/external audits.
- Develop and monitor KPIs and management metrics to track the progress and effectiveness of the global information security program
- Develop and review global security programs and policies
- Collaborate with Upstream’s various engineering teams in order to integrate security requirements into the product roadmap, implementation, operation, and support
- Manage security incidents in the production and IT environments
- Lead remediation from audit findings or security incidents
- Own the company's security awareness program and training
- Ensure Upstream’s information assets are safe against security threats, including establishing and overseeing its global incident response program
- Oversee the planning and execution of necessary vulnerability audits, penetration testing, forensic audits and investigations.
- 3+ years of experience as a CISO of a global B2B company
- 5+ years of hands-on experience in designing, implementing, and leading security and risk management programs.
- Experience in end-to-end management of security standards (SOC2, ISO27001) and Privacy regulations (GDPR, CCPA).
- Knowledge of information security standards and frameworks such as OWASP.
- Experience in securing cloud services.
- Experience in working with development teams on building secure products.
- Extensive knowledge of network and cloud infrastructure security and best practices.
- Strong knowledge of current and emerging cybersecurity risks (primarily on web and cloud), and modern risk management methods and solutions.
- Ability to influence others and work at all levels and departments across the organization and with external vendors and partners.
- Fluent in English, both written and verbal
- Cybersecurity certification (e.g., CISSP, GSEC, CCISO).
- SOC2 compliance – An advantage