Security And Compliance Manager

Dovetail's mission is to improve the quality of every thing. We empower 85,000+ people, from agencies to universities to Fortune 100 companies, to make sense of their customer research in one collaborative and powerful research platform.
We're all about sweating the details on delightful experiences, tackling ambitious challenges, and delivering customer value. We're growing rapidly and looking for a Security & Compliance Manager to join our operations team and to take ownership of Dovetail's security posture.
This is a highly cross functional role where you'll be working across IT, Legal, Engineering and Revenue. We are looking for someone who's excited by the opportunity to be part of establishing a security & compliance team from scratch, and tackling diverse technical & strategic challenges.
**What you'll do**
- **Step into the role of Dovetail's Security Officer and HIPAA Security Officer.** As Security Officer, you'll be responsible for creating, maintaining, enforcing and approving security policies and procedures, leading various security initiatives (such as monitoring, vulnerability management, incident detection and response), and tracking and reducing security risk across our organization. As HIPAA Security Officer, you'll also be responsible for approving or disapproving proposed activities that may require Dovetail to process protected health information.
- **Oversee compliance activities.** You'll help ensure we comply with applicable privacy laws, particularly in relation to data management and data breach processes. You'll also oversee and manage our compliance with security standards like SOC2 and HIPAA (including conducting regular access reviews, risk assessments, and business continuity and disaster recovery testing), progress new compliance activities (like obtaining ISO 27001 compliance), and own the relationship with any vendors we engage to assist our compliance efforts or assess us against such standards.
- **Lead employee security awareness training.** You'll lead training on our security policies and procedures with employees when they start at Dovetail and annually thereafter. You'll ensure that all employees are aware of their responsibilities with regard to personal information and protected health information.
- **Take ownership of customer security reviews.** You'll support our Revenue and Legal teams and take ownership of any security reviews requested by our high-touch customers as part of their procurement processes. This includes reviewing, approving and maintaining the accuracy of of security questionnaire response library and managing the relationship with the third party vendors we engage to help us with this work.
- **Vendor procurement and management.** You'll play an important part in our vendor risk assessments at the procurement stage and throughout the lifecycle of our vendor relationships. As part of this, you'll review and sign-off on vendor security documentation and manage and maintain security reports for critical vendors.
- **Collaborate cross-functionally.** You'll help bridge the divide between our Engineering, Legal, Security, Operations and Revenue teams by translating complex Security concepts to understandable concepts for stakeholders, and interpreting legal documents as they relate to these concepts.
- **Own our automated security and compliance platform, Vanta.** You'll own Vanta, the platform we use for automated security and compliance. You'll ensure the platform is properly set up, and follow up on failing security tests. You'll work together with the legal department to make sure our policies are up to date, and you will execute our periodic risk assessments.

**Your background**
- **Relevant industry experience.** Ideally, you have worked in SaaS or a regulated industry (such as financial services) and have extensive experience in a similar role or roles. You have led or contributed to the creation, management or enforcement of internal security policies and programs.
- **Knowledge and awareness.** You have a foundational knowledge of key security programs, such as SOC 2, ISO and HIPAA as well as a demonstrable familiarity with global privacy laws and regulations, including the GDPR (EU & UK), CCPA-CPRA, LGPD and the Australian Privacy Act. CIPP/E or CIPP/US certification is a plus
- **Leadership qualities.** You are comfortable influencing and educating an organization on the importance of implementing and maintaining privacy and security initiatives.
- **Cross-functional and commercially minded.** You have an appreciation for commercial drivers, which informs a pragmatic and common sense approach to problem solving without sacrificing technical accuracy.
- **Subject matter expertise.** You understand complex IT concepts (including networking and infrastructure) and can interpret and explain these concepts to non-technical internal stakeholders and customers.
- **Attention to detail.** You are extremely d