Position: VP, Chief Security Officer
Location: San Francisco, CA
AUTODESK what's next
We're consistently ranked as one of the best places to work in the world by the Great Place to Work Institute. Our culture empowers you to make effective decisions, work collaboratively, and take accountability for providing world-class service to our customers. We encourage employees to demonstrate their expertise, communicate honestly, and be a bit of a genius. Check out the .
Autodesk is the world's leading software company for 3D design. Customers across the manufacturing, architecture, construction, and entertainment industries - including the last 19 Academy Award winners for Best Visual Effects - use Autodesk software to design, visualize, and simulate their ideas before they're ever built or created. From blockbuster visual effects and buildings that create their own energy to electric cars and the batteries that power them, the work of our 3D software customers is everywhere you look.
And now, through our iOS and Android apps, we're making design technology more accessible to casual creators by taking technology originally built for movie studios, automakers, and architectural firms, and making it available to anyone who wants to create and share their ideas with the world.
THE OPPORTUNITY
This is a unique opportunity to build and lead a world-class product and information security team for a $2.5B+ technology company.
The Vice President, Chief Security Officer (CSO) is the top leadership role responsible for establishing, maintaining, and evangelizing enterprise-wide product, cloud and information security strategies and direction. The CSO's primary accountability is to ensure that Autodesk and its customers' information assets are effectively protected in a trusted computing environment. The successful CSO is a visionary leader possessing strong skills in technology and business management. The role is responsible for managing security risks in ways that meet compliance, regulatory and customer requirements, and affirm business trust.
The CSO oversees Autodesk's security operations, assets, and information and is accountable for the development, implementation, and management of risk reporting, policy, security engineering, security education, compliance, and incidents.
Reporting to , this position is one layer down from the CEO and requires the ability to understand complex business issues and articulate the context of projects and processes to senior executives, the Board, customers, and industry leaders.
RESPONSIBILITIES
- Advocate for all company information and product security related issues including planning and development of Autodesk's security strategy in support of the company's strategic business plan.
- Build the enterprise security framework: build the foundation and help define capabilities and processes to address Autodesk's (corporate and product) security needs for the next 3-5 years.
- Improve, implement, and execute the Security Incident Response process and oversee engagement with security researcher community including our bug bounty program. Work closely with the Autodesk Crisis Management Team (CMT) and other stakeholders to protect business interests during an active security incident and drive/monitor appropriate remediation activities upon incident closure.
- Lead the Information & Product Security teams of 50 employees and 22 contractors and manage a budget of over $25M.
- Provide security updates and communications to C-Suite Executives and the Board of Directors.
- Manage security engineering, tooling and enablement for product development teams to embed security throughout the development, staging and production lifecycle.
- Oversee the overall strategy and execution for the compliance program to include ISO 27001, SOC2, SOX, GDPR and other regulatory data handling certifications.
- In partnership with the General Counsel's Office, assure compliance with regional, national, and state data privacy regulations, including development of litigation e-Discovery capabilities.
- Identify and implement a risk management framework that ensures appropriate application of risk-based controls.
- Participate in enterprise risk management process advising senior management of technology risk. Develop and drive risk mitigation and remediation plans.
- Identify security technologies and trends ensuring the computing environment keeps pace with technological change and innovation.
- Manage vendor relationships with security services suppliers, including traditional product and service vendor, managed service supplier, and SaaS supplier management.
- Define and execute Information & Product Security communication and awareness program.
- Engage in security best-practice sharing with peer organizations and executive briefings.
- Develop the global security team to grow to its next level of maturity and scalability.
- Chair a steering committee that brings together key product stakeholders to develop and review data security and risk strategies.
- Represent company data protection strategy, status and roadmap to customers and drive and enable customer trust.
QUALIFICATIONS
- 12+ years' experience with a proven track record of security engineering and management in a large-scale, internet-facing environment. Significant understanding of IT and cloud infrastructure technologies including network, server, end-point, mobile, storage and its relation to overall IT.
- 5-10 years' executive management experience working with C-Level executives and customers.
- 8 years' experience managing a global enterprise security function in the tech industry.
- 5 years' experience with SaaS/IaaS/PaaS solutions and architectures.
- Proven record of inspiring, growing, and retaining top talent and driving high performance.
- Experience leading teams to develop best-in-class security tools, processes, and guidelines that maintain secure products and services throughout the software development lifecycle.
- Strong communication skills with the ability to span between high-level discussions with executives, customers, and partners to deep technical issues with engineers.
- Full stack understanding of cloud architecture security solutions: network design, controls, data, vulnerability, and incident management, penetration testing, white hat, threat detection.
- Strong business acumen to understand business drivers and provide support for coordinating and managing security practices and culture across the company.
- Experience architecting, implementing, and operating security solutions and processes in the cloud - hybrid (AWS/DC) preferred.
- Experience in compliance certifications across multiple industries.
- Bachelor's degree in an information technology discipline. Professional information security certification, e.g., Certified Information Systems Security Professional (CISSP), SANS/GIAC, CISM.
- MS or MBA preferred.