Security Lead

Dovetail's mission is to improve the quality of every thing. We empower 85,000+ people, from agencies to universities to Fortune 100 companies, to make sense of their customer research in one collaborative and powerful research platform.

We're all about sweating the details on delightful experiences, tackling ambitious challenges, and delivering customer value. We're growing rapidly and looking for a Security & Compliance Specialist to join our operations team and to take ownership of Dovetail's security posture.

This is a highly cross functional role where you'll be working across IT, Legal, Engineering and Revenue. We are looking for someone who is excited by the opportunity to be part of establishing a security & compliance team from scratch, and tackling diverse technical & strategic challenges.

**What you'll do**:

- **Step into the role of Dovetail's Security Officer and HIPAA Security Officer.** As Security Officer, you'll be responsible for creating, maintaining, enforcing and approving security policies and procedures, leading various security initiatives (such as monitoring, vulnerability management, incident detection and response), and tracking and reducing security risk across our organization. As HIPAA Security Officer, you'll also be responsible for approving or disapproving proposed activities that may require Dovetail to process protected health information.
- **Oversee compliance activities.** You'll help ensure we comply with applicable privacy laws, particularly in relation to data management and data breach processes. You'll also oversee and manage our compliance with security standards like SOC2 and HIPAA (including conducting regular access reviews, risk assessments, and business continuity and disaster recovery testing), progress new compliance activities (like obtaining ISO 27001 compliance), and own the relationship with any vendors we engage to assist our compliance efforts or assess us against such standards. You'll identify and implement opportunities for automating our security and governance processes.
- **Lead employee security awareness training.** You'll lead training on our security policies and procedures with employees when they start at Dovetail and annually thereafter. You'll ensure that all employees are aware of their responsibilities with regard to personal information and protected health information.
- **Take ownership of customer security reviews.** You'll support our Revenue and Legal teams and manage and support our Presales Security Engineer in responding to security reviews requested by our high-touch customers as part of their procurement processes. This includes reviewing, approving and maintaining the accuracy of security questionnaire response library and managing the relationship with the third party vendors we engage to help us with this work.
- **Vendor procurement and management.** You'll play an important part in our vendor risk assessments at the procurement stage and throughout the lifecycle of our vendor relationships. As part of this, you'll review and sign-off on vendor security documentation and manage and maintain security reports for critical vendors.
- **Collaborate cross-functionally.** You'll help bridge the divide between our Engineering, Legal, Security, Operations and Revenue teams by translating complex Security concepts to understandable concepts for stakeholders, and interpreting legal documents as they relate to these concepts.
- **Own our automated security and compliance platform, Vanta.** You'll own Vanta, the platform we use for automated security and compliance. You'll ensure the platform is properly set up, and follow up on failing security tests. You'll work together with the legal department to make sure our policies are up to date, and you will execute our periodic risk assessments.
- **Lead our security engineering practices.** You'll promote and evangelize security best practices in engineering, and participate in security assurance technology administration activities. You'll ensure our controls align with security strategy, support business objectives, and are consistent with applicable laws and regulations.
- **Protect our systems from breach.** You'll actively monitor our systems for attacks and intrusions, and work with engineers to proactively identify and fix security flaws and vulnerabilities. You'll build detection mechanisms, develop systems to automate remediation, conduct threat hunting, and perform network and systems forensics as well as malware and indicator analysis.

**Your background**:

- **Relevant industry experience.** Ideally, you have worked in SaaS or a regulated industry (such as financial services) and have extensive experience in a similar role or roles. You have led or contributed to the creation, management or enforcement of internal security policies and programs.
- **Knowledge and awareness.** You have a foundational knowledge of key security programs, such as SOC 2, ISO and HIPAA as wel