Director of Security

COMPANY DESCRIPTION

ASG is an unconventional group of market-leading SaaS software companies serving industries ranging from behavioral health to transportation to childcare. ASG believes deeply in the power of people and data to grow great organizations and that sharing knowledge, expertise, and resources across its community of businesses drives exponential growth. ASG has acquired over 50 businesses since its inception in August of 2016. We are backed by Alpine Investors and operated by world-class PeopleFirst(™) leaders. Founders of leading SaaS companies continue to trust ASG to grow their businesses and build even stronger legacies for the future. To learn more, visit www.alpinesg.com.

JOB DESCRIPTION

We seek an experienced, hands-on Director of Security who can help our operating companies build the most secure platform. You will help our companies operationalize security best practices across our portfolio and drive best practices in application security testing, penetration testing, secure coding, infrastructure, audit, risk assessment, compliance, and incident response programs.

You will join an elite team of subject matter experts at the holding company, helping implement engineering strategy and best practices across the portfolio. Through acquisitions, you will get an opportunity to understand a wide array of tech stacks and software products and deploy a diverse set of growth strategies throughout the hold period of our investments. You will also learn from and pair with extraordinary leaders across our business.

The ideal candidate should have hands-on experience securing/auditing web and mobile applications, effective incident response, risk assessment, obtaining compliance, and strategically raising a company’s security posture. The role will report directly to the CTO at ASG.

You’re Excited About This Opportunity Because You Will:

• Perform/manage AppSec and penetration testing and provide recommendations for various mobile and web apps as well as APIs and other web infrastructure.
• Conduct forensic investigations to analyze security incidents, understand root causes, and develop strategies to prevent future occurrences.
• Support due diligence, assess security postures,identify potential risks and integration challenges during the deal process.
• Assist in businesses' exit processes, ensuring security compliance, proper documentation, and mitigating any potential security risks that could impact the sale.
• Conduct red teaming and threat modeling for various web applications, API, and Mobile apps.
• Review Azure/AWS/GCP security footprints in concert with our DevOps teams and provide recommendations.
• Assist in all aspects of audits, including risk assessments, planning, testing, control evaluation, and reporting.
• Recommend process, technology, operations, and compliance enhancements to improve the security of the portfolio companies.
• Develop and lead cyber security strategy and foster a community of Cyber Security leads across our portfolio.
• Be an effective teacher/coach and help train our teams on security best practices.
• Manage incident response through vendors and address the portfolio's security needs.
• Assist portfolio companies in getting and maintaining SOC2, PCI, HIPPA, CCPA, CPRA, and GDPR. (Among the other state/local data privacy laws)
• Be a security subject matter expert and respond to internal/external security questions.
• Provide technical design recommendations to address audit & compliance narratives in partnership with technology SMEs and leadership.
• Be the SME for cloud governance, risk, compliance, policies, and executive reporting.

We’re Excited About You Because:

• You have a minimum bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• You have 5+ years of experience in web application security testing and/or secure development methodologies.
• You have a solid understanding of authentication’s best practices, ensuring secure access control best practices are enforced.
• You understand modern web frameworks, APIs, containers, databases, and WAF well.
• You have experience performing source code analysis.
• You are familiar with Burpsuite, Nessus, ZAP, Arachni, Kali, and Nmap.
• You have strong knowledge of cloud security and governance (AWS/Azure/GCP).
• You have one of the following certificates: CISA, CISSP, CISM, OSWE, OSCP, GWAPT, or GWEB
• You have conducted incident response and/or hold the GCIH or GCFR certification
• You have experience in SOC, HIPAA, GDPR, or PCI DSS.
• You have experience performing risk assessments and appropriately prioritizing risk.
• You have excellent written and verbal communication, presentation, and listening skills, and you can present complex technical information to various technical and non-technical audiences.
• You possess a proactive, solution-oriented, problem-solving mindset -- “I’ll figure it out.”
• You thrive in a small, growing, fast-paced, results-oriented environment.

Base Salary Range: The target salary range for this position is $200- $300k), and is part of a competitive total rewards package including an annual bonus, employer-paid benefits, L&D stipend, and incentive pay for eligible roles. Individual pay may vary from the target range and is determined by a number of factors, including experience, location, internal pay equity, and other relevant business considerations. We review all employee pay and compensation programs annually at a minimum to ensure competitive and fair pay.